Computer Doc in Jos

Creating an Autocompleting Association Input in Rails3 + ActiveScaffold + JQuery UI

2010-11-13T14:30:00.023+01:00

Summary: This is a way to add an auto-completing input on a form in Rails 3 + ActiveScaffold using JQuery UI. No method or template overrides are needed. Only one short Javascript function is used. Note that ActiveScaffold uses Prototype rather than JQuery by default, so existing projects based on Prototype will have to be adjusted to use JQuery instead (as well?) for this to work.

The Rails/ActiveScaffold project I’m working on has models for Member and Country. Each member belongs to a country—i.e. has a nationality. This is all done in the usual way using a key country_id in the member model to refer to the country:

class Member < ActiveRecord::Base 
belongs_to :country

and

class Country < ActiveRecord::Base 
has_many :members

The usual way of making an editing control in the member create and update forms is simply to add the line

config.columns[:country].form_ui = :select

to the members controller. This creates a dropdown select box populated with the labels and ids (values) of the countries table. If your list of options (countries in this case) is very large, however, it can be impractical to send the entire list for the user to select from. Hence the need for something like an Ajax-based autocompletion input. As the user enters characters, the newly forming string is sent back to the server, which returns a list of possible options that match the string to the current point. Type “Z” for the country and “Zimbabwe” and “Zambia” pop up.

I've spent several days trying to convert a select-box to an autocompleting-text-box in my Rails project. One thought was that perhaps I should have left well-enough alone rather than make the change. Even selecting a list of several hundred options for a select list does not add too much overhead: say 300 items of 20 characters each = 6 KB, hardly worth worrying about. Still, I’ve done it so will document what worked for me.

My second thought is actually a question: why isn’t it dirt-easy to do this in Rails and/or ActiveScaffold? Is it so rarely used? Or perhaps I simply missed the easy way even though I did quite a bit of searching. There is an auto_complete plugin but I couldn't get it to work with Rails 3 and ActiveScaffold--perhaps I could now that I understand more. I was greatly helped by Anup Narkhede's helpful example. In the end, though, I found a method that seems to me even easier than using the plugin!

How to Do It

Anyway, this is how I did it – I’m sure there are better ways. To start with an overview, the way I did this is:

Adjust the member model so that we can set the country_id indirectly just by saying this_member.country_name='France'. To do this define accessor method's to read and write the member's country name. The read method looks up the country_id and returns the name, while the write method country_name= sets the country_id based on the name.
Replace the form's input for country_id with one for country_name.
Create a lookup function to be called by JQuery. For example, if JQuery sends 'Z' the function will return {'Zambia','Zimbabwe'}.
Add the JQuery autocomplete function to the country_name input.

The Details

Start with these models:

class Member < ActiveRecord::Base 
  belongs_to :country
end

class Country < ActiveRecord::Base
  validates_uniqueness_of :name
  has_many :members
end

Step 1: add the accessor functions to the `member` model:

class Member < ActiveRecord::Base 
  belongs_to :country

   def country_name
     Country.find(country_id).name
   end

   def country_name= (name)
     country = Country.find_by_name(name)
     self.country_id = country.id if country
   end
end

Step 2: Replace the form's input for `country_id` with one for `country_name`:

class MembersController < ApplicationController
  active_scaffold :member do |config|
    config.columns = [:name, :country_name]
  end
 end

Totally Optional Sidetrack: Before I hit on the technique of using the accessor methods in the model, I was overriding the MemberController update and create methods, as Anup Narkhede had shown. If for some reason you use a variation of that technique, there is one gotcha to be aware of. You cannot simply look up the id and insert it as params[:record][:country] unless the :country column was included in the form, because it will be ignored. This is part of the security of Rails 3: the user can't pass back arbitrary fields, because only those present in the form are processed. So, when I was overriding the controller update and create methods, I had to include the original :country column as a hidden field in the form. I'm guessing that this is also the reason that Anup first saved the country id in an instance variable @country, then used it in a before_create_save method rather than just adding the new element to the parameter hash.

Sidetrack: Note that you could compose any kind of string to use as the label rather than using "name." You would simply write the accessors for whatever you wanted. For example, you could use nationality rather than country name. Whatever is used, however, must be present and unique for each country so that the label-to-id lookup will return a single, valid country.

Step 3: Create a lookup function to be called by JQuery.

In app/controllers/autocomplete_controller.rb

class AutocompleteController < ApplicationController

  def country
    @countries = Country.where("name LIKE ?", "#{params[:term]}%").select("id, name")
    @json_resp = []
    @countries.each do |c|
      @json_resp << c.name
    end

    respond_to do |format|
      format.js { render :json => @json_resp }
    end
  end

I would have preferred to put this into the existing CountriesController, but for some reason when I did that the response was very slow (2+ seconds). In any case, it's important to get the routing right. I used

  match 'autocomplete/:action'

Step 4. Set up JQuery

We need to add JQuery and JQuery UI to our project if they're not already present. Add to your default template (or elsewhere as long as it will be available)

<%= stylesheet_link_tag

  'http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.4/themes/ui-lightness/jquery-ui.css' %>

<%= javascript_include_tag 'http://ajax.googleapis.com/ajax/libs/jquery/1.4.1/jquery.js' %>
<%= javascript_include_tag 'http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.4/jquery-ui.js' %>

If you prefer, you can load the files to your own Rails public/stylesheets and public/javascript folders and link to them there.

Finally, add this short script to public/javascripts/application.js:

$(function() {
  $( ".country_name-input" ).live("click", function(){
    $(this).autocomplete({
      source: "autocomplete/country.js"
      });
  });
});

The country_name-input (be careful of the underscore and hyphen) is the class of the input. You could use an ID or other means of specifying it depending on what ActiveScaffold or other framework is generating.

The .live("click" piece is used to attach the JQuery UI autocomplete widget to country_name-input as soon as the input is clicked. We do this because, in ActiveScaffold or other Ajax-based views, the input may not exist in the DOM when the page loads, so some other event must be used to attach it. The demo and documentation for JQuery UI autocomplete are at http://jqueryui.com/demos/autocomplete/.

Everything is in place and should work now, once you put a few countries into the countries table.

Please comment if you have any questions, corrections, or suggestions!

Change or Remove the Horizontal Line Above Footnotes in MS Word 2007

2010-10-12T10:28:00.003+01:00

This should be a simple thing, right? If you don’t want a separating line above the footnotes, just remove it. In my case, the end notes flow to several pages, and a line is still being put at the top of every page, conflicting with the page header.
I look around and tried to find how to do this, but (a) the help documentation doesn’t seem to say, at least not in a place I thought to look and (b) most of the answers on the Web refer to the same set of instructions from years ago for Word 2003, even when they claim to be for 2007. The instructions are actually almost the same, except that Word 2007 no longer has a “normal” view, which is what you are supposed to start with in the instructions.
Anyway, here is how to do it in Word 2007

Select Draft from the View tab on the ribbon
Select “Show Notes” from the References tab. If you don't see “Show Notes,” be sure you're looking at “References” and not “Review.”
Now you should see your notes in the bottom pane, below this menu:
Since “All Endnotes” is the first item in the drop-down box, you would think that the other options would be “All Footnotes” or similar. However, this is where you select the separator formatting & other options. Select “Endnote Separator.” I suppose if you have footnotes, you will see “Footnote Separator.”
Now you can delete the separator or define a new one. I don’t know if a graphic can be substituted; I couldn’t find a way. Be sure to re-define the “Endnote Continuation Separator” also, if you need to; it’s what appears on subsequent pages.

Thanks to Rob van der Heijden whose post was the one that finally got me on the right track!

Technorati Tags: MS Word 2007,separator,notes,footnotes,endnotes,formatting,remove,Microsoft Word 2007,Word,2007

Energy-efficient LCD Monitors

2010-04-03T18:33:00.002+01:00

Many of us live in areas where electrical power is at a premium, so one of the threads I follow in this blog is low-power computing. It’s amazing how far you can stretch your amps and watts these days without loosing much computing power.

I’ve recently bought a Fit-PC and have an order in for the Fit-PC2 model. These are very small “desktop” computers that run on only a few (6-8) watts, but do all the usual things you need a computer to do. In contrast, typical laptops run at 30-60 watts.
I haven’t had a chance to try out the Fit-PC yet, because I need a monitor. Since I’ve been living out of a suitcase for the last 7 months, I’ve just been using a laptop. Now that I’m getting ready to return to Nigeria in two months, though, I’m looking for an energy-efficient monitor.

One review of energy-efficient monitors covers four models, but only one is in the size range I want for carrying overseas: the Lenovo Thinkvision L1940P. It runs at 18 watts, is rated 5 (of 5) stars by one reviewer on Amazon, and costs $222. However, Amazon also sells the 19-inch ViewSonic VX1932wm-LED, which runs at only 15 watts, costs $167, and is rated 4.5 stars by 7 users. That's the one I plan to buy. With that monitor and the fit-PC, I'll be using barely 23 watts when using the computer at maximum capacity. That means I could run it for 24 hours straight on half the capacity of a 100 amp-hour 12V storage battery. Of course, the performance is nowhere near that of a “normal” desktop or even laptop, but it should be fine for most tasks (browsing, email, word-processing). I’ll let you know!

Send and Receive Faxes Online – Free (or almost free)!

2010-03-31T19:54:00.001+01:00

Faxes are becoming less essential in our lives as we can usually substitute scanned documents sent by email. Now and then, however, it’s useful or even necessary to send or receive a fax. There are a couple of low-cost (or free) solutions for this.

If your phone line is connected to your computer, then you can simply use the built-in fax services of you computer. However, that can be hard to set up. In any case, many of us no longer have working phone lines.

To send faxes, the service I like is FaxItNice. You can fax a document up to 10 pages long for $5. However, the better option is to sign up for the plan where you pay $20 up front, then pay only $0.18 per page whenever you want. Credits don’t expire. I’ve been using the service for 7 years and so far it has been quite stable and reliable. You just fill in name and number of the recipient, select a document you want to send (Word, text, PDF, images, and many other formats), and press the button to upload the document. You can preview the fax, add a cover sheet, then click to send. The service then sends the fax for you, redialing as needed until it gets through. You can try the system for free (one fax) here.

To receive faxes, which I need to do even less often than sending them, I use K7. It’s completely free. You just sign up to get a phone number which will then receive your faxes. When someone sends a fax, K7 will convert it to a fairly small image file and email it to you. You can also log in to view your faxes.

There are other services for sending and receiving faxes, but I haven’t found any better deals than these. Let me know if you have more suggestions.

Ushahidi to map conflict in Jos, Nigeria

2010-03-10T16:56:00.001+01:00

I’ve been interested in Ushahidi for some time now but had never gotten around to installing it. If you haven’t heard of it yet, Ushahidi is a web-based, community-oriented tool for mapping events. It has been used for tracking civil unrest, events related to the recent earthquakes in Chile and Haiti, and so on.

I finally did set up a test installation a few weeks ago, just in time for the latest outbreak of violence around Jos. You can see it at here. The killings this week were south of Jos. I still have not figured out how to connect email to the Ushahidi server, so it is not receiving alerts or sending them out. Also, there is no mobile phone connection so it’s not receiving text alerts. Anyone who wants to help set these up would be welcome.

I have also set up a news feed to gather from many sources news stories related to the conflict centered in Jos. I’ve used Yahoo Pipes to pull in the headlines from CNN, Reuters, al Jazeera, AllAfrica.com, and so on, then extracted the ones dealing with the Jos situation. You can view the stories or use the (RSS) news feed to put the headlines into your favorite news viewer such as Google Reader.

Trying out Free Smilebox – Flash Presentations from Your Photos and Videos

2010-01-14T23:12:00.001+01:00

I got an email from a friend today containing a family slideshow made at Smilebox. If you're not familiar with that site, it's an easy way to use your photos and videos to create a slideshow you can then email or post. The show is a self-contained Flash presentation that plays in any browser.

Since I just used Smilebox myself to make a little picture show, I thought might save you some time if I tell you more before you try it yourself. The most important point is that once you’ve assembled your show, you can’t change the style. Don’t spend a lot of time designing your show before you are sure which style you want to use.

The summary is that Smilebox is a good tool for a quick, simple slideshow. The results look professional. It probably isn’t the tool you want to use for your most important presentations both because it is inflexible.

I’ve created some samples with a few styles. They’re 2-8 MB each. See at

“Storybook” sample
“Photo Chronicle” sample
“Mosaic” 4x4 sample
“Slide” Simple slide show with 41 pictures.

The Good

There is a free version.
You can email your show, post it on Facebook or a blog, etc.
There are many styles to choose from, from simple slideshows to “books” with interactive zooming to greeting cards and notes.

Limitations

You need a reasonably good Internet connection to use this (not an issue in developed world).
Each style has its own methods for you to arrange and caption the photos. You have to experiment and learn each one. For example, the “Slide” style has a sorter view where you can drag and drop photos to reorder them, but most styles don’t. You may enter captions directly on the photo in some cases, or on the page in others, or have to click the enlarge button first.

Limitations on Free Version

For $3.00 you can avoid the following restrictions on a single presentation. You can also pay $6 per month or $40 per year to have the full version.

Supported by ads. As usual, you can’t know what ads might appear alongside your show.
Each style has its own music. You typically get three choices with each style. With the paid version, you can choose from hundreds of pieces of stock music or use your own.
The full version can play full-screen.

The Bad

The program does not use titles, captions, descriptions and so on that you may have already embedded in your pictures. You have to enter all captions whenever you start a new project.
Once you’ve committed to a style, you can’t change it without starting over. That is, you can choose a different style, but then you have to arrange and caption your photos all over again.
The styles are fixed in stone. That is, there is nothing you can modify, not fonts, position on page, layout of a given page, and so on. Of course, this is part of the reason that the program is simple.
The interface is rather slow. I think all the whole thing is written in Flash.

Let me know if you try it and have any further observations or comments.

Create a high-security vault for your data in 5 minutes

2009-07-04T14:26:00.005+01:00

In the last article, Protecting your sensitive data with TrueCrypt, I gave an overview of what Truecrypt can do for you: make an encrypted virtual hard drive, encrypt an entire partition, or encrypt an entire hard drive. This time, we'll see how to make the virtual hard drive in at most 5 minutes. Rather than write my own tutorial, I direct you to the step-by-step TrueCrypt Beginner's Tutorial with full screen shots.

Instead of another tutorial, I'll summarize the steps, add a note or two, and try to give a little more explanation of what is happening in this method.

Why use TrueCrypt?

First, why use Truecrypt rather than one of the many, many other encryption programs?

Compatibility: TrueCrypt runs on Microsoft systems from Windows 2000 upward, on Mac OS X 10.4 and 10.5, and on Linux. (According to this Wikipedia article, only one of the other 45 disk encryption programs work on all three systems, and that one is not open source).
Price: Free. Not shareware, not trial-ware, not "free download," but just free, period.
Open source: This means that anyone can examine the program's instructions to see how it all works. This means that many people can be working on improvements and bug-fixing. More importantly, though, the transparency of open source makes it hard for any security flaws to remain undetected.
Wide use. TrueCrypt is one of the most widely used encryption programs. The site reports over 10 million downloads to date.

That said, the most important thing is to protect your sensitive data somehow and to use a well-supported, respected encryption program. If you like experimenting, there are many programs out there. TrueCrypt can be a complicated program with all kinds of options, but it's quite easy to use the most important features.

Overview

Goal

What will you accomplish when you follow the tutorial?

Within a few minutes, you will have a new "drive" M: on your computer where you can safely store sensitive information. You can use it like any other drive--create files, drag-and-drop files into our out of folders on the drive, even use a folder on the drive as your "My Documents" if you like.
Though in action you see a new drive M:, all the data is kept in a container file that can only be unlocked ("mounted") using TrueCrypt and your passphrase.
While your new drive is mounted, you will not know or care that your files are encrypted. When you turn off your computer or lock ("dismount") the drive, the data will be invisible, safe from any prying eyes.
You can copy or move the entire encrypted drive, as a single file, to a different location such as a USB flash drive or another computer. This is good for backup.

Steps

Here's a high-level explanation of the 18 steps in the tutorial.

Step 1: Download and install the program.
Steps 2-12: Create the container file. This only has to be done once.
Steps 13-18: Mount the container file for use. You do this every time you want to unlock and access your data.

Precautions

You are making a data vault or safe, and your passphrase is the combination to the lock. There is no backup, no spare key or emergency button to use to recover your data if you lose or forget your passphrase. In most cases, it is probably best to record your passphrase somewhere safe rather then rely on your memory. Obviously, you don't want to keep it somewhere where a thief will see it, such as in your computer bag. Depending on your situation, you may not even want to keep it in writing in your home or office, but do consider keeping it somewhere.
Putting your information onto an encrypted drive is only one part of security. Do not neglect other parts; a chain is as strong as its weakest link.

OK, let's do it

Now, go to the tutorial and follow it step by step, referring to these notes as you do.

Step 1. Downloading and installing TrueCrypt. Ideally, you should download the program directly from TrueCrypt so that you get the most up-to-date, "pure" version.
Steps 2-5. Telling TrueCrypt you want to create a virtual drive. Just click the buttons as shown, no choices to make here.
Step 6. Specify location and name of container file. Attention: be sure to read the explanation in the tutorial. Although it might appear that you are to select an existing file to encrypt, this is not true. Rather you are giving the program the location and name of a file to create. This new file will be the "container" for your virtual drive. If you select an existing file, it will be erased, not encrypted!
Steps 7-8. Having chosen a name for your container file, you just press "next" two times.
Step 9. Tell TrueCrypt how big to make your virtual drive, how much data you will be able to store in it. TrueCrypt will create a container file of this size, so you will need at least that much free space in the location you have chosen. Don't make it too big if you plan to copy the entire thing onto a flash drive.
Optional note: If you choose to make the container "dynamic" (Step 11), it is very small at first and only grows as you add files. In this case, the size you select in step 9 is the maximum size. If you do not make the container dynamic, then the container file will be this maximum size from the very beginning, even though it contains no data.
Step 10. Choosing a passphrase. While you are just testing, you can use a simple passphrase. For serious use, however, be sure to read the guidelines about how to make a secure passphrase.
Step 11. Select format type. Just follow the instructions, moving your mouse around randomly for a while to help make the encryption strong, then click Format.
Optional note: For advanced use, you can use a format other than the default FAT. For large virtual drives in Windows, you might consider using NTFS.
Step 12. Finishing up. Now the container file is ready to use.
Steps 13-18. Mounting the container as a virtual hard drive. Although this occupies six steps in the tutorial, it is really simple. First, you choose a drive letter to assign to the new drive (step 13), then you tell TrueCrypt which container file to use (i.e., the one you just created) (steps 14-16). Finally, you enter your passphrase for that container file and mount it (steps 17-18).

At this point, your new drive M: is ready to use just like any other drive. Remember that you data is exposed as long as the drive is mounted; if someone steals the computer while you are working on it, M: will be unlocked until the computer is shut down. Depending on the situation, you may want to manually dismount it when you leave the computer or when you do not need to access the secure files.

Finally, read the small print at the end of the tutorial and realize that your original, unencrypted data is still present on your original drive even after you delete it--that's why file-recovery programs work. To permanently remove it, you need to use a disk wiping program with the option of erasing all unused disk space. See Purge Your Hard Drive for a good explanation. One wiping program is Heidi Computer's Eraser. Some others are reviewed in Best Free Secure Erase Utility.

Even then, how do you know that you have deleted all the files that contain sensitive data? What about backups, email folders, temporary files, obscure files in the Application Data folder, the paging and hibernation files? You really don't know. That's where whole disk encryption comes into play. It may seem a little scarier to think of altering your whole hard drive, but it's actually easier than making a virtual drive, and it eliminates all these residues of the information you want to protect. You will not need to worry about wiping or shredding your files, either. I'll cover whole disk encryption next time, in a much shorter article I hope!

Photo of safe by rpongsaj on Flickr, http://www.flickr.com/photos/pong/ / CC BY 2.0

Protecting your sensitive data with TrueCrypt

2009-07-04T09:04:00.005+01:00

About two weeks ago, I finally took the big plunge and encrypted my laptop's entire hard drive. I knew in theory that it was a good security precaution, and in fact, our mission's IT policy requires hard drive encryption on all laptops. It's a policy that is still more honored in the breech than in practice. Why didn't I do it earlier?

Not that I've been totally slack about protecting my data. I've always kept my passwords and financial accounts encrypted. (Always? What about those home accounting programs--I know my Microsoft Money program opens without a password....) I don't think there is any sensitive information in my email folders, except that anyone successfully logging on to the computer could get enough information about me and my contacts to start lots of scams even without actually breaking into my email server. ("This is Pastor Jonah, friend of Mike, who you support. He's been in a bad accident and needs money for treatment. Please urgently send $1000 to this account number ...") The bottom line is that any unencrypted information on my computer is potentially exposed to anyone who steals or borrows my laptop.

But since I have a good password for even logging on to my laptop, no one should even get that far, right? Wrong. It's very easy to break into a Windows computer if you have physical access to it. Anyway, if the data is not encrypted, someone can take out the hard drive and read it on another operating system.

Last year, I finally installed TrueCrypt, an excellent, free encryption tool. TrueCrypt can work in three main ways:

Create an encrypted virtual hard drive. Tell TrueCrypt where to put the file to contain the data, assign a pass phrase, and TrueCrypt creates new, encrypted volume ("hard drive") for you with the drive letter you choose, such as "T:". From then on, you can use it exactly like any other drive. As long as the volume is unlocked with your pass phrase, you can't even tell that the data is encrypted. Lock it again and the drive letter disappears, leaving only what looks like a file of random garbage.
Encrypt a partition. Most hard drives these days are divided into different logical areas or partitions, each with its own drive letter ("C drive," "D drive," etc.). TrueCrypt encrypts all the data in the entire partition, making it inaccessible until you supply the pass phrase. This option allows you to keep some data unprotected and more sensitive data encrypted on a separate partition. Unless you encrypt the operating system partition (usually C: in Windows), you can still boot the computer without the password.
Encrypt an entire drive. In this case, everything on the drive is encrypted and nothing can be accessed without the pass phrase. Nothing, that is, except the tiny boot program that loads enough TrueCrypt to get your password and unlock the drive for you. If you lose your pass phrase, there is no way you're going boot your system or recover your data, period.

Rather than encrypting my whole drive, I started with the first option--a virtual hard drive where I could keep my sensitive data. Next time I'll show just how easy it was.

How we use FrontlineSMS

2009-06-01T16:17:00.002+01:00

Jos, Nigeria has been in the news recently because of riots in November that killed hundreds of people. This was the second such episode since 2001, and the situation remains tense. Besides this, violent crime has increased rapidly in the past 4 years, with frequent robberies by armed gangs of up to 20 or more men.

Part of our response as a group of missions in Jos has been to strengthen our communications network, and FrontlineSMS has become a key part of that network. The mobile phone is the basic means of communication in Jos, where there are few if any functioning land lines, and where Internet access is still expensive and spotty. During the November crisis, we noticed that voice calls on the mobile network rarely connected, probably because of congestion, while SMS messages got through well.

With FrontlineSMS, we have so far developed a system with these features:

Anyone can text the system and receive a response with the current status message. In a crisis, this could contain warnings, instructions, announcements and so on.
Besides this "on demand" capability, we keep one list of users ("text alerts") who receive broadcast alerts.
Anyone can join the "text alerts" group by sending the request as a text message to the system. We ask people to send the message ".join " followed by their name. At this point, FrontlineSMS cannot automatically include the name when the phone number is added to a group, but we hope that could be added in the future.
We maintain other user lists such as compound security leaders, crisis management team, and so on. Anyone can broadcast a message to the crisis management team by prefixing a text message with a code that causes FrontlineSMS to forward the message to team members.
The system sends outgoing SMS message through the Internet when it is available. They're sent to the Clickatell, which routes them to the actual SMS network. Clickatell is is very fast and inexpensive. We can send about 80 messages per minute this way, far more than is currently possible if we were to send messages directly onto the mobile phone network.
FrontlineSMS is compatible with many mobile phones and modems. We are using a Huawei E170 modem.

Real Life Examples

Fortunately, we have not had actual rioting since we set up the system. However, there have been times when it has been very useful to send warnings and to raise the alert level. Here are some actual examples:

@Alerts: Jos is tense, please avoid downtown today.

@Security: X and Y have been robbed tonight & report the robbers took their Toyota Land cruiser and muttered something about Hillcrest on the way out.

@Alerts 20Feb 655pm. Serious rioting reported in Bauchi. No problems in Jos. Obey curfew, avoid areas that could be troublesome.

22 Feb 8am. *** Rioting on Friday Bauchi, churches & mosques burned. Now controlled. Keep on alert. Report signif news this num or ur security rep.

SecGrp: Some rumors are going around about unrest planned for Friday, .... Email or txt me if you know more. --Mike

Effectiveness

The system has worked quite well. The most serious limitations have been

The interfaces (modem and Internet) have had a tendency to lock up, failing to receive messages, and have to be re-initialized manually.
Message delivery is sometimes delayed for hours, occasionally more than a day. This is a fault of the local network and has nothing to do with FrontlineSMS or Clickatell.

Summary

FrontlineSMS has served us very well as a well to communicate quickly by SMS. We would recommend it for others in similar situations.

Using WSUS to save bandwidth, and how to set up an XP Home edition computer to use it

2009-05-26T09:46:00.004+01:00

Two of the biggest challenges in keeping computers running in Africa are power and bandwidth. Bandwidth as in connection to the Internet, which is now vital for many of us. We're constantly trying to control and limit our bandwidth usage, which gets harder as people have higher and higher expectations. Our old-timers remember when we had to pay $0.50 a page to get emails that were sent over a noisy transatlantic phone connection to an expensive, 19 kbps Zyxel modem. Newcomers from developed countries are used to streaming video, Skype phone calls, file-sharing and so on.

One of the hidden consumers of bandwidth, though, is program updates. Keeping programs up to date is critical for security, but can consume a lot of bandwidth. For example, our network at SIM Nigeria serves roughly 40 computers (including laptops members bring to the office just to connect to the Internet). If a set of Windows updates is released that comes to just 10 MB, that translates to 400 MB to update all 40 computers, which is close to a whole day's bandwidth allocation for us.

Part of the solution is to use Windows Server Update Services (WSUS). This lets you download Microsoft updates onto a server on your network from which all your other computers can access them. Each update is downloaded once for the whole network, rather than once for each computer. You can read about WSUS and how to set it up here on the Microsoft Technical network.

An issue I encountered when trying to get as many computers as possible to use WSUS, though, is that XP Home (as opposed to Pro) edition does not include the policy-setting tool (gpedit.msc) normally used to instruct computers to get updates from the local WSUS server rather than over the Internet from Microsoft. Nor can you simply copy gpedit.msc from another computer onto the XP Home computer.

Instead, you can use a simple script to add some keys to the XP Home computer's registry. The script and explanation can be found at Guide For Setting Up XP Home Clients With WSUS. Just create a new text file, enter "REGEDIT4" as the first line, and copy and paste the registry keys as shown in that page. Change the two occurrences of "http://yourWSUS" to reflect the URL of your WSUS server. Save the file as "WSUS4XPHome.reg" (or whatever.reg) and run it on the XP Home machine. I think a simple reboot will suffice to start it looking for updates in the new location, but the page above tells how to use some commands to start the process immediately and without rebooting.

Reversing the process

You definitely do not want to leave these settings on a computer once it is no longer using your network for updates, since it will then fail to be updated at all. For computers joined to a domain that sets the group policy to use WSUS, it should be enough to remove them from the domain. For computers you manually changed (via local policy or registry changes) , you will have to undo those changes. As far as I know, you can simply delete the entire [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate] key as it does not appear to exist in the default installation.

If anyone has corrections or further information, I would love to know.

Twe2 is gone, but then I never did get it to work

2009-05-18T16:04:00.002+01:00

Earlier, I wrote about a service called Twe2 that allows people around the world to get Twitter messages on their mobile phones. That's needed because Twitter does not send to mobiles in most countries, only to the US, Great Britain, Canada, and, for some reason, India. Twe2 was supposed to be a gateway you could use to get around that limitation. Without something like it, Twitter is of limited use here (actually, I'm still trying to figure out what the use is).

I've tried many times to get my mobile phone number "verified" to work on Twe2, but for some reason the confirmation message would never come through. Perhaps a problem with my carrier. Whatever the case, it's now a moot point because I learned today from Twe2's website that it no longer exists, the source code having been sold ~~to Wadja~~ (an unfortunately heavy, clumsy sounding name in English, in my opinion, but what's a name).

I've signed up for Wadja (as MikeBlyth, in case you want to follow me) and am trying to get some friends in Jos to join so that we can test its capabilities. So far, I haven't seen anything about a gateway with Twitter, but we don't really need that if all we want is to access a Twitter-like network for our friends in Nigeria. I'll report later how it works. So far, all I can say is that the web interface seems really slow, at least from Nigeria.

Disaster Avoided -- A Corrupted Microsoft Access Database File

2009-05-10T23:20:00.004+01:00

I had a near miss today, almost losing my main address list, which I keep in Microsoft Access. I haven't used it in quite a while, as I have another list of recent address changes, but it's still my most comprehensive list of mailing addresses. When I tried to open it today, I got a message that it was in an "inconsistent state" and Access would try to repair it. Next, an error message that it "can't be repaired" or "isn't a Microsoft Office Access Database File."

I tried using my backup copies, but they had the same problem. It has been very long--4 years!--since I've put backups onto CDs or DVDs, simply because it takes so many of them, and have been relying mainly on one or two levels of medium term backups on an external hard drive.

Of course, this is far better than nothing, but the risk is just what I encountered today: having a file lost or corrupted and not knowing about it until the last "good" backup is gone. The same can happen with a virus. If you are keeping system backups but a virus has silently infected your machine, it could happen that all your backups are infected by the time you discover the problem.

I tried the solutions I found on the Microsoft site and by Googling, but they didn't work. The main thing I learned was that when your Access database is corrupted, there is a good chance that it's not something you can repair on your own. There are professionals who will do it, and some commercial programs. I tried one program, Advanced Access Repair, which quickly showed me that my data was recoverable. I was all ready to pay the $29.99 price of the program to actually recover the data, then noticed that the price is really $299.99. Oops.

Happily for me, the next program I tried was MDB Repair Tool, by Skysof, and it promptly repaired the database without my having to answer any questions or try different options. It just worked. To my surprise, this "trial" version actually recovered all the data for me for free, and I still have 58 more uses before I have to register. What a deal!

Lessons learned:

If you can't or don't want to save full backups to long-term media (DVD, CD, tape, or online), then you should at least save your most important data that way once in a while. This method is risky because you might miss data you should have backed up, but at least you will have most of what you need. (Be sure to include your email in your backup; it may not be included if you're not careful).
My address list doesn't need to be kept only in an Access database. I could periodically backup the actual address information so a simple text file. Then, if I lost the Access file, at least I would have the essential data.
Hopefully I won't ever have to repair another Access database, but if I do, MDB Repair Tool will be the first thing I try.

Technorati Tags: backup,security,data,database,Access,tools,recovery,repair

Don't neglect online backups

2009-04-26T13:48:00.002+01:00

A week ago, one of my friends was mugged on his way home from school on a bike path. He was badly beaten and ended up unconscious in the hospital. Though his bike, computer and some other things were stolen, and despite his injuries, I suspect that his most serious loss is much of the work he had done on a masters thesis. Apparently any backups he had were also stolen.

It's one thing to lose your most recent work, and losing your whole email store can be serious. But what if you lose something you've been working on for years--that book you're writing, a carefully compiled bibliography, your research data, a major proposal for your organization? It's almost unthinkable, yet it happens. Data loss is sure to happen if you have no backup strategy, but it can happen even if you do have backups. For example

Backups may be lost along with your computer in a fire, theft, evacuation and so on
Backup media may fail or be destroyed. Here in Nigeria, at least, flash drives have a high failure rate. CDs and DVDs can be scratched or damaged by sunlight and heat.
If your original data becomes corrupted and you don't immediately know it, you may store the corrupted data in the backups.
When do yo discover that your backup is damaged or corrupted? That's right, you discover it when you need it because your original data is lost.

For these reasons, it is important to have more than one level of backup for any data that is important to you. For any data that is really important, you should have at least two and preferably three backups stored in a way that they cannot be lost simultaneously. For example, you could keep one copy on a hard drive at work, one copy on a flash drive or re-writable CD at home, and one copy online.

In my last post, I briefly mentioned that one use of Dropbox was backing up your data online. Online backup should be more than an afterthought--it should be an important part of your backup strategy. Most of us in Africa do not have the luxury of a low-cost Internet connection that will let us back up all our data, let alone the whole system, but we can back up what is most important. Apart from multimedia files (video, pictures, music), your most important data, what you've actually invested the most time on, is probably a few hundred megabytes at most. You should at least consider saving some or all of it online.

There are many online data storage services, including a fair number of free ones. I like Dropbox--it works for me--but another solution might work better for you. One thing I like about Dropbox is that it keeps previous versions of changed and deleted files. That feature has already saved me a couple of times.

David Bradley's article "Make SkyDrive a Virtual Drive" describes the free Microsoft SkyDrive online service and add-ons that make it more useful and transparent. Some people send their important documents to their own online email addresses (a Gmail account, for example). It's not the simplest or most secure method, but it's a lot better than nothing.

Dropbox: A free, low-bandwidth solution for online file sharing, syncronization and backup

2009-02-28T09:51:00.005+01:00

One of my projects is the book AIDS Is Real and It's In Our Church, which I co-authored. The English version has been quite a success, Hausa and Amharic editions are in print, and now we're working on the French version. One of the technical problems we've dealt with is simply how to share the files between authors and editors on different continents, while being sure that corrections and updates are made to the right file. Once, in the Hausa version, I spent quite a few hours making corrections and then discovered that the file I'd been given was not the latest.

There are many approaches to this issue, which after all is a common one whenever people are collaborating on documents. One of the particular constraints for some of us though, is that the solution has to be low-bandwidth, simple, and free (or at least very low cost). It simply isn't practical to be uploading and downloading a 20 MB file every time it is changed.

I've looked briefly at Google Docs, which works fine and would be my first choice for documents that don't have a lot of formatting requirements. Collaborators work (even simultaneously) on a document in Google's own format, stored in cyberspace somewhere, and that document can be exported when necessary to another format. Documents can be text (with pictures), spreadsheets, or presentations. Google Docs is free, doesn't require any setup, and lets users work online or offline (that is, you can edit documents even while not connected to the Internet, and they will be saved again when you are online).

Google Docs won't do what I need at the moment, though, which is to allow people to edit Microsoft Word and Publisher documents. That is where Dropbox has been a real help. I use it to

Share files with co-workers, automatically keeping everyone's copies synchronized
Work on files from different computers without having to do anything manually to keep them synchronized
Keep online backups of projects I'm actively working on, so that the backup is always current.

Here's how it works:

Download and install the free software (currently a 14 MB file). It creates a special My Dropbox folder on your computer.
Register as a user with the service. You get a 2 GB online folder free, and can pay for more storage.
"Once installed, any file you drop into your Dropbox folder will synchronize and be available on any other computer you've installed Dropbox on, as well as from the web. Also, any changes you make to files in your Dropbox will sync to your other computers, instantly."
Dropbox does not transfer the entire file each time it is changed, but only sends the changed portions. This means that when I change one word in the 20 MB file, only a small amount of data has to be sent back and forth over the Internet, not 20 MB. That makes it useable over our low-bandwidth connection.

You can use the Dropbox folder like any other folder. Drag files into it, make sub-folders, add and delete files, and so on. All those files and sub-folders will be transparently synchronized with your online folder and with any users sharing those files. That last point is important. People sharing your files do not have to do anything to keep their copies up to date, as Dropbox does that in the background.

Example:

I create an "AIDS is Real" folder inside my Dropbox folder and drag my 20 MB aids_is_real.doc file into it.
If my collaborator does not already have Dropbox installed, I send her an invitation to install it.
I mark the AIDS is Real folder as shared with my collaborator, for reading and updating.
The Dropbox software automatically downloads aids_is_real.doc into my collaborator's computer.
I open my copy of the document from my local Dropbox folder, make some changes, then save and close the file (changes are not synchronized until the file is closed).
Dropbox software automatically saves my changes to the online copy and to my collaborator's local copy. When my collaborator opens her copy, it is always up to date (as of the last time she was connected to the Internet).
Likewise, when my co-worker changes the file on her computer, those changes will be reflected in my local copy (almost) immediately.

Give it a try! It's well worth the effort if only for the ability to keep 2 GB worth of your important projects safely backed up online. (Of course, how safely depends on the long-term survival, security, and stability of Dropbox; you shouldn't depend on any one service for the backup of your valuable data).

Now you can use Twitter in Nigeria

2009-02-16T17:30:00.003+01:00

This is the good news I learned today from Jon's latest blog at Appfrica.net. In case you don't know, Twitter is a "micro-blogging" service that lets you send tiny posts, limited to 140 characters each. The posts appear on your page where (as you choose) others can view them, but they can also be broadcast by mobile phone text messaging (SMS) to anyone subscribed to you. You can choose to let everyone subscribe, or you can let only approved individuals subscribe, depending on your needs.

The problem has been that last year Twitter stopped sending out those SMS messages in most countries of the world, basically because they didn't have any way to fund the service--someone has to pay for all those messages. Now, as Jon describes, you can use a new service called Twe2 which does send text messages around the world. They're financed by attaching a small text advert to each one, which seems to me a reasonable price to pay to receive free text messages by Twitter.

I'm still trying to subscribe ... it's very easy but requires your mobile phone number to be verified, and sometimes here in Jos it takes many hours for SMS messages to be received, so the verification could take a while.

Now, if I can just figure out a good reason to use Twitter ...

Mobile Internet Services in Jos, Nigeria

2009-02-16T17:09:00.003+01:00

As I said in the previous post, I've been researching the mobile ISPs that are currently available in Jos. It's a dynamic situation, with several companies entering or about to enter the playing field, and with promises of broadband 3G service to come "soon". Since 3G is already available in some cities in Nigeria, we hope the "soon" is actually in the near future, this year sometime.

As I said in the previous post, I am summarizing all my information as I gather it, on the Mobile ISPs page in the Living in Nigeria wiki. So go there for more details and for more recent news. Add information if you have it!

The summary at this point is:

Although advertising as high speed, MTN offers low-speed (GPRS) service with a variety of monthly and day plans (from a few hours to a full 24 hours). They plan eventually to have broadband (GSM family, UMTS)
Multi-links and Zoom offer medium-speed (1x) connections. They plan to have broadband (CDMA family, EVDO). I don't know about actually-observed operating speeds.
- Multi-links requires you to buy a 21,000 naira phone or 16,000 naira (unavailable) modem.
- Zoom requires you to buy a 3,000 naira phone or 10,000 naira modem.
- Multi-links and Zoom both have a variety of plans, but only Multi-links has day plans.
- Zain and Glo do not offer intermediate range (1x) service and don't seem to have any attractive features at this point.
My personal experience with MTN on only a few occasions has been that it is not worthwhile (too slow).
I have heard from one person each for MTN, Zoom, and Multi-links that the service has been fair (MTN, Zoom) to good (Multi-links).

My friend who has been testing Zoom (with the rather bulky 1x/EVDO modem) told me today that it's not tolerable for browsing, as far as he is concerned, with very low speeds at times. However, he pointed out that it's ok for email since that can trickle in at any speed.

It is very important to remember that while the companies advertise a connection speed and while the hardware could in fact support that speed, the actual speed is still limited by how much bandwidth the company chooses to pour into the pipeline. Bandwidth is expensive and so far the companies are not actually giving out as much as they could, or so it appears to the consumer.

Using a Blackberry phone in the bush in Nigeria

2009-02-04T16:01:00.003+01:00

I plan to post a couple of blog entries soon about using mobile internet services in Nigeria, specifically in Jos rather than in the big cities. If you're interested, you can see and contribute to the wiki page where I'm gathering and organizing the information I have. Meanwhile, this note came from Tom Crago. He is having better luck with a Blackberry phone in the village than I am having with an MTN modem in Jos.

We are using a Blackberry 8830 World Edition cell phone in Nigeria which we obtained and are paying for in the USA. We are currently in the small village of Kwarhi, on the grounds of EYN's Kulp Bible College. This is about 13 km west of Mubi in Adamawa State. By comparision, Jos is a huge metro service area.

The phone is designed to search for the best available service connection wherever we may be. At different times it has connected to MTN or CelTel (now Zain) while we have been in Nigeria. Here in Kwarhi, and in Jos while we were there, it has connected to CelTel's GPRS system. It took about one minute to download the wiki page you reference in your article.

The phone was purchased in the US for 99 dollars, and we got a 70 dollar rebate. Net cost about 29 dollars. Price probably can't be matched now.

We added the global service to this phone just before leaving the US. I don't recall the sim chip charge--20 dollars or so I think. We are charged 65 dollars a month, on top of our US domestic voice service plan, for unlimited 24/7 email and Internet browsing service in 140 countries with partnership agreements with Verizon Wireless, our US service provider.

We have been very pleased with this service in Abuja, Jos and now in the "bush." It seems to work anywhere there is a CelTel tower.

I don't know the cost of the basic voice service plan Tom refers to, but I'm guessing that the monthly total for that plus the data service must be close to $100, currently about 15,000 naira per month, for GPRS (low-to-medium speed) service.

On the other hand, I've tested the MTN service in the past couple of weeks and it has been unusably slow, both at my home and the office, despite having a strong signal.

Don't Rely on Password Managers to Keep you Safe on Untrusted Computers

2008-12-20T13:34:00.003+01:00

In my previous post on password managers, I concluded that they can help you by "remembering" strong, hard-to-guess passwords for your different online accounts (or for other personal information). Actually, though, I started investigating these programs with a specific need in mind: to find a way to use my private accounts on untrusted computers such as public computers (airports, libraries, cybercafes) or your friend's computer if you aren't sure about the security it has.

In my post "Danger Ahead: Using the Cybercafe," I talked about the dangers of public computers, especially the fact that they can capture what you type including your user names, account numbers, and passwords, then pass that information along to cybercriminals. What good is a cybercafe if I can't trust it enough to log into my email account, for example? I looked into the password managers hoping that they would protect my information on public computers, but unfortunately my conclusion is that they do not. There is a ray of hope in another sort of solution, kyps, which I will mention later.

Can Password Managers Keep you Safe on Untrusted Computers?

Short answer: no. You should not use your personal data on an untrusted computer, even by way of a secure password manager. The kyps approach is more promising, but using your own (clean) computer is still the safest.

Long answer: no, though a password manager might reduce the risk somewhat. The problem in a nutshell is that, in principle, an untrusted computer and do anything with the data that goes through it. Theoretically, for example, someone could design a program from scratch that looks and acts just like Windows but also stores and forwards all personal information to the RBN (Russian Business Network) or other cybercrime center. There is simply no way to make an untrusted computer into a secure one.

Passpack is one of the two online password managers I reviewed. When I asked the company about this issue, this is what they said:

Yes, you're absolutely correct. The decrypted pack is used by (thus temporarily stored in) the javascript DOM. So any application that can access that DOM, can access the information stored in the decrypted pack.

As you noted, local memory is an issue with any program, online or off. Unfortunately, for as much as we can do to protect your account, you need to make sure you are on a clean computer. We have written one post to this effect here: http://passpack.wordpress.com/2008/07/23/travelers-check-your-browsers/

If I understand correctly, since Passpack stores your data in a single pack which it decrypts on your local computer, not only the passwords you use in a session but all your data is exposed this way, which would be dangerous on an untrusted machine.

Security expert Keith Bergen says,

In order for the passwords to be transmitted they have to pass through memory unencrypted so after they're sent to the other side the site can run a hash (md5, or what ever) against the plain text password to compare it to the hash that it stores. There are a few pieces of software that will look for passwords in memory as that is one of the best places to lift them from. ...

There are methods of stripping out the local SSL cert that your computer uses to initiate the SSL communication with the server and to copy and decode all SSL traffic that is sent to and from your computer. There are many Linux programs that do this and I have heard of some Windows implementations as well.

Bergen goes on to say that the practical implications of these issues are less clear. Even though methods exist to steal you credentials in these ways, we don't know how widespread they are. One thing is sure, though, and that is that the cybercriminals are sophisticated, motivated and bright. If it becomes cost effective for them to steal your identity in this way, then they will. So, although some of these managers may in some cases be better than nothing, their security is not something to, so to speak, put your money on. (And note that they may be worse than nothing as in the case of Passpack).

The author of kyps, Andreas Pashalidis, also discusses the risks of using password managers as well as other methods of trying to make a public computer safe. He points out that malware on the computer might not only capture your passwords, but also corrupt the data on your flash drive (if that's what you use) or infect the drive with malware making it unsafe to use even on your own computer.

Conclusion

In the end, I would not want to use any password manager on an untrusted computer, that is one that I am not reasonably sure is free of malware. In a situation where I had no alternative but to use an untrusted computer (suppose I was dying and stranded in a Somali village with no cell phones but with a cybercafe), I would either type in the credentials by hand or use a password manager, then change them as soon as possible and watch for any suspicious activity. However, there is a better approach, which is kyps, discussed in the next post (or just go there and have a look).

A new blogging platform for Africa: Maneno

2008-12-19T16:14:00.001+01:00

Yesterday, reading WhiteAfrican.com, I was alerted to the existance of a new blogging site for Africa: Maneno (which means "words" in Kiswahili). By "blogging site" I mean something like Blogger or WordPress, a place where anyone can create a blog. What is the point of a new site or platform when other good ones are available? There are several advantages:

The site is designed from scratch with the goal of making pages load fast over the slow connections that most of us have in Africa. There really is a noticeable difference.
The site is easy to use. (Actually, I'm not sure it's any easier than Blogspot, but the authors are working to keep it simple.)
Maneno is multilingual. Other sites do allow you to type your blog entries in your own language, but Maneno has the added feature of an easy interface that lets any member translate any blog post into another language, sort of a communal approach to making the entries themselves available in other languages. Of course, it's the African languages that are the focus.
Maneno recognizes that many users in Africa do not have access a computer, so the site is exploring ways to allow people to access it through mobile phones and other relevant technology. (Blogspot also allows posting by mobile phone & email ... will Maneno be better in some way? Probably it at least will be slimmer.)
Maneno is focused on Africa. Unlike Blogspot, which is a place for any and every type of blog, Maneno is more topical, describing itself as striving "to provide a communication and development platform for Sub-Saharan Africa."

If you live in Africa and write about life and culture here, or if you're interested in reading the blogs and commentaries of those who do, you should definitely have a look at Maneno.

Password Managers: Brief review of three good products

2008-12-14T14:31:00.005+01:00

PassPack list of passwords and automatic logins

In two previous posts (here and here), I looked at the security problems of using a public computer such as one at a cybercafe. Living in Africa, and in a country whose name is almost synonymous with scams, we need to be especially cautious. On the bright side, of course, there are probably fewer people in Nigerian cybercafes with bank accounts worth the effort of cybercriminals, but that is not very reassuring.

The basic problem of public computers is that they could contain any kind of malware, including the kind that can copy your login credentials (user name and password) and send them off to cybercriminals who can then use them, for example, to log in to your bank or email account. Not a happy thought.

Enter the password managers. These programs let you to store your passwords safely somewhere where others can't read them. The passwords are encrypted so that only you can get to them, with some "master key" that you know. This lets you use different, high quality passwords on your sites without being burdened with remembering them all. This in itself is quite useful, without even considering the issue of public computers.

Perhaps the biggest security problem with most people's passwords is that people tend to use easy, guessable passwords and the same password for many accounts. This is natural, since it is hard to remember different, long passwords (or better, passphrases) for each account. A password manager can generate a long, random password for you, or store the password you choose, so that you don't have to remember it.

In the past few couple of weeks, I've looked at three highly-rated password programs: RoboForm, PassPack, and Clipperz. RoboForm stores your passwords on your own computer or flash drive, while the other two store them online.

I have tried mainly the portable RoboForm, called RoboForm2Go, which stores the program and encrypted passwords on a flash drive. This gives me access to the passwords both at home and at work; I could also use the same flash drive on a friend's computer, another computer at work, or a public computer with an available USB port and have access to the passwords without installing any programs or data onto the other computer.

All three of the programs I tested were fairly easy to use, but I think that RoboForm was the easiest. The program sits in the background and automatically offers to memorize the credentials any time you open a new login page or any page with forms to fill in. The next time you open the page, it offers to fill in the fields automatically.

RoboForm Passcard Editor

How is this different from the automatic password retrieval in Firefox and Internet Explorer? First, with RoboForm2Go you can carry your passwords with you rather than their being stored only on your computer. Second, RoboForm2Go can store many pieces of data besides your user name and password, including first and last name, phone number, address, email addresses, and so on. At your command, it will fill in as much of any form as it can using these stored values. You can store different profiles and identities if, for example, you want to have one set of information for your work and another for your personal life.

Clipperz and PassPack both store only your encrypted passwords online. The advantage is that this gives you access to them from any Internet-connected computer. On the other hand, you need to trust either service enough to enter your passwords on its web page. For that matter, you have to trust RoboForm in the same way. Since all the companies have been around a while and appear reputable, this seems reasonable. Assuming the companies do what they claim, your decrypted passwords never even exist on ClipperZ or PassPack; the only thing that gets sent to the server is an encrypted package.

With either online service, to retrieve your passwords or to directly log in to a protected site you first open your Clipperz or PassPack account with your master password. The master password should be strong so that no one else can access your account. PassPack adds an added layer of protection by using two master keys: one to log in to your account and retrieve the encrypted package, and a second key to use on your own computer to decrypt the package. This means that even someone who breaks your PassPack account password and steals your encrypted package will not be able to decrypt it. It seems to me that if your master password is strong, then the added security is not that important; no one could open your account by a brute force attack, and anyone who manages to steal one password (e.g. with a keylogger or looking over your shoulder) may just as easily steal two.

Although the two work a bit differently, in essence both Clipperz and PassPack send you your encrypted package and then your own computer performs the decryption to extract the actual passwords or other data. Assuming that you have chosen an unguessable master password to unlock all the others, the only significant risk to your data is the risk that exists on your own computer: that's the only place that the unencrypted password ever occur.

All three of the programs (RoboForm, PassPack and Clipperz) allow you to select a service from your stored list and log in directly, thus functioning as a collection of bookmarks as well as passwords. RoboForm, which by default adds its toolbar to your browser, lets you click on the login button then select the page you want to navigate to, where it logs you in after entering your saved credentials.

All three programs also let you save notes in the encrypted entries, so you can store your account numbers, credit card info, phone numbers, or whatever you want. PassPack, for example, provides a note field for each entry (figure at right). Clipperz lets you choose from a variety of "cards" pre-formatted for you bank account, credit cards, address book and so on, or you can define your own fields as well as using the Note field that's included in each card.

Both of the online password managers allow you to copy your encrypted data to your own computer so that you can access it without an Internet-connected computer. Their methods are different, with PassPack using separate programs that require either Adobe Air or Google Gears to run, while Clipperz downloads a large HTML file which you open in your browser just as you do the online version.

Distinctive Features

RoboForm

Runs from your own computer or a flash drive. You need a separate license ($) for each computer and each flash drive, though package discounts are available.
Fills forms of all kinds from data you store in "identities".
The easiest of the three to use when saving new login information.
Paid version lets you store separate profiles and identities.
Free version limits you to 10 passwords and 2 identities after 30 days

PassPack

Stores your encrypted data online
Two-passwords: one to access your account and another to decrypt your data.
Although they cannot retrieve a forgotten decryption password, PassPack staff can roll back your account to use your previous password if you remember that one.
Stores and retrieves your data as a single package; updated or new entries are not saved until you click a button to save the package back to the server.
You can reach any of your entries quickly, even if there are many, by typing the beginning of the name into the search box.
Free version limits you to 100 passwords (but you could open multiple accounts); yearly fee of about $15-20 for unlimited account.
Small but growing company, with the responsiveness and accessibility that comes from that.

Clipperz

Stores your encrypted data online
Stores and retrieves your data as single "cards" as needed; updated or new entries are saved automatically.
Freeware (donations accepted), unlimited passwords
Not commercial; future development status uncertain, though product is fully-functional as is.

Which is best?

All three of these are good programs, and I think would be quite usable for most people. I found RoboForm to be a little more convenient than the others, but it's not free. I do not think that there is much difference in features and usability between PassPack and Clipperz, though I've only used them for a few weeks. Since all three programs are either free or have free versions, you will probably want to try them out for yourself to see which you prefer. There is no question that any of them will make your life easier if you want to follow good security practices and use strong, different passwords for your various accounts.

Will they protect you on a public computer?

This is a question I will discuss in the next post. The short answer is that while these products probably decrease your risk on a public computer, they do not eliminate it. There is one more service, however, called kyps (keep your password safe) that works quite differently and might be considered safe for use on a public computer.

Features Summary

	Price	Multiple Identities	Ease of Use	Offline Storage	Online Storage	Access from any Internet- connected computer	Quick lockout feature
RoboForm	$30 ($40 for flash drive version)	Yes	+++	yes	no	with flash drive version	yes
PassPack	100 entries free; $15-$20/yr for unlimited version	No (but can use multiple accounts)	++	yes	yes	yes	yes
Clipperz	Free	No (but can use multiple accounts)	++	yes	yes	yes	yes

Import/Export features

	CSV	HTML/ Printable	KeePass	RoboForm	Password Plus	Printable	JSON
RoboForm		E?
PassPack	E/I	E		I	I
Clipperz	I	E	I	I	I	E	E/I

RoboForm lists export options as Firebox bookmarks and Internet Explorer favorites. Importable files are Firefox Passwords, Outlook contacts, and various favorites and bookmarks. There does not appear to be an option to import/export arbitrary data with passwords, but I have not researched this beyond looking at what the Import and Export buttons on the menu do.

I welcome any corrections to this review as well as different viewpoints and suggestions of different products to consider for the job.

See also

PassPack and Clipperz, head to head

Addendum and corrections arising from comments

"Also, while not native support, there is also a way to run Passpack off of a USB drive. It uses Passpack's Offline version + Google Gears + Portable Firefox: http://tinyurl.com/passpackusb"

Bluetooth inventor needed for aging Baby-boomers

2008-12-09T23:02:00.001+01:00

OK, I'm not that old yet, but along with how ever many million other baby-boomers, I'm moving along the timeline. I already notice it's a little harder to hear sometimes: my son tells me my phone is ringing, and I have trouble hearing people in noisy conditions or in rooms with poor acoustics.

I'm already getting unhappy in big gatherings like our monthly potlucks with loud background music, when I can't hear people talking, or, rather, can't understand what they're saying. I know I'm not the only one, since others voice the same complaint. So, my idea is, why not invent a Bluetooth system that lets you use those in-the-ear phone thingies to talk to the people around you in noisy gatherings? Since the technology is already in place (phones, ear adapters, tiny Bluetooth transceivers and so on), it seems that it could actually work.

Bluetooth would work well for talking with the people nearby because it has a limited range and you wouldn't be hearing everyone in the room. Some kind of selection mechanism would be needed, perhaps, or maybe it would be more natural just to be able to hear everyone in a defined range as in normal conversation.

Meanwhile, my sister suggests I should take up sign language. Sounds like a good idea to me!

Will a password manager let me check my email in a cybercafe?

2008-11-26T14:57:00.004+01:00

In my last post, I said that it's basically impossible to know you're safe when using a public computer to access password protected sites (including your email), since your account information including password could be captured by a keylogger. Now I'm trying to find out if password managers provide enough security to let me go ahead and log on to my gmail account or even my bank account (now that won't happen any time soon!).

Secure password managers such as RoboForm, PassPack, and ClipperZ may allow us to safely access our password-protected accounts on a public computer. It seems to be generally accepted that they do provide protection. I'm trying out the three products above (all have a free version) but will avoid putting any financial or really important passwords online until I find out more.

These products all work by encrypting your passwords so that no one else can read them, then storing them somewhere. Offline password managers like RoboForm store your encrypted data on your own computer or a flash drive that you can take with you to another computer. PassPack and ClipperZ are online password managers. They save your encrypted passwords (and only the encrypted form) online so you can retrieve them from anywhere you have internet access. They also give you a way to save the information on your own computer for when you don't have a connection.

It sounds quite promising and the products are well-established. I just want to learn a little more to be sure that there aren't any known ways that malware could copy my passwords even if I don't physically type them.

Danger Ahead: Using the Cybercafe

2008-11-22T18:10:00.001+01:00

Summary

Using a public computer is risky business and cannot made safe for entering or reading sensitive information including accessing your email account. You must consider the risks and benefits in any situation. The best alternatives in a cybercafe are to use a secure laptop (preferably your own), or to boot the public computer from a live Linux CD or flash drive.

We all know that net cafes are not ideal and that they have security issues. Sometimes, though, there doesn't seem to be a good alternative. Maybe you're traveling and don't have any other way to connect. Maybe you have a home connection but it has been down for several days. Whatever the reason, you may find yourself in a cybercafe.

If you read no further, just remember this one point: never enter or access any personal or confidential information on a public computer.

Personal data that you must not enter or access includes

Bank information, account numbers, credit card numbers and so on
Personal identifying data such as date of birth, social security, drivers license, passport, national id, mother's maiden name, or phone number
Email accounts and passwords
Any other user names and passwords

This might seem too extreme, especially when you realize it will prevent you from even accessing your email. You must realize, though, that there is nothing you can do to make that public computer completely safe. Anything you type or view could be stored or transmitted to people who would love to add your information to their files. This danger is no longer an occasional problem, but common and serious.

Even if you boot from your own CD or flash drive (see below), anything you type could still be captured by a hardware keystroke logger.

Besides the risk of your personal data being captured, there is also the risk, or inevitability depending on the location, of your flash drive being infected with malware if you insert it into a public computer. Always use a clean computer with an up-to-date virus and malware scanner to clean your flash drive after using it in a cybercafe (or, for that matter, in any computer).

What to do?

Balance the risks and benefits

As in any situation, you should always balance risks and benefits. If you access your email on a public computer, there is a risk that your email account will be compromised. That means someone could gather the addresses of your contacts, email them from your own account, send spam under your name, view sensitive information (financial records, orders, addresses ...), and potentially steal your identity. That's a pretty big risk.

On the other hand, if you access your email account on a public computer in a "reputable" cybercafe and can then change your password soon afterward on a secure computer, the risk would be decreased. My own assessment of that risk-benefit balance for case would be that (a) I would only want to take the risk if it was very urgent to access my email and (b) I would try other alternatives first: SMS messages, phone contact, or whatever I could think of.

Use your own laptop

If it's possible to connect your own laptop at a cybercafe, you will avoid the problem of all the malware that could be on a public computer. Needless to say, you won't want to do this unless your own laptop is well protected with at least a software firewall (like the one built-in to XP and Vista, or an add-on) and an up-to-date antivirus program. (There are portable hardware firewalls available that plug into your USB port. But you can probably do almost as well with free software.)

Use a Linux Live CD

Using a Linux live CD or flash drive, you reboot the public computer from your own copy of Linux designed to run only in memory. The hard drive is not used and does not even need to be present. This means that drive infections are no longer a risk.

It's easy to make such a CD; you just download the file (called an iso image) and burn it to a CD or DVD. See the good article, Why you want a Linux Live CD, for some more information, or just google "Linux Live". Many current Linux installation CDs will work as well. Ubuntu (~ 700 MB) and Slax (~ 200 MB), are two examples. As these are large downloads if you have limited, expensive Internet access, you may want to copy a friend's disc or get someone to send you one (Ubuntu will mail you a free copy).

Don't be scared off by the word "Linux," either. You need no experience with Linux to use these. Just boot the computer from the CD or flash drive, and you'll see a familiar desktop with a web browser (usually Firefox), text editor, and others depending on the exact version.

Limitations of Linux Live

The computer must be configured to boot from a CD or flash drive. If it is not, a co-operative cybercafe manager may be able to set it up for you (or you could do it yourself if you know how).
While web browsing is almost always supported, it may be tricky to connect to the cafe's printer. But you could save what you need to a flash drive and print it later.
Hardware keyloggers could still intercept your typing. These are devices intentionally installed between the keyboard and main computer box; I have no idea how common they are but certainly much less common than malicious software.

If you have no other alternative ... making the computer safer

It's important to stress that you cannot make the public computer safe. You can only reduce some of the risk. Kris Littlejohn lists and explains "10 things you should do to protect yourself on a public computer" including:

Delete your browsing history
Don’t save files locally
Don’t save passwords
Don’t do online banking
Don’t enter credit card information
Delete temporary files
Clear the pagefile
Reboot
Boot from another device
Pay attention to your surroundings and use common sense

Apart from booting from another device, as I discussed above, none of these measures will stop keyloggers from spying and reporting on everything you type. As long as you don't type anything sensitive, you'll be fine, so these precautions would help in a situation where, for example, you need to print an existing document with sensitive information, since you wouldn't be using the keyboard. And they will help in a situation where there happen to be no keyloggers or other malware intercepting what you type.

Shooting themselves in the foot? Blocking customers from your website.

2008-06-25T21:06:00.001+01:00

Why do some sites make it so hard to do business with them? Is it because they want customers hardy enough to jump through the hoops? Perhaps if the customers prove their stamina and cleverness by making it through to order a product, they will be the ones less likely to need support?

I've gotten some good deals from TechForLess.com, so it is taking me longer than usual to give up on them. My first bad episode was when I ordered a laptop, got the confirmation, then the next day got a message that the order was canceled--seems they didn't like my being in Nigeria even though the order was paid from and shipped to the US, as well as sealed by one of those "prove your identity" credit-card pop-ups. However, their customer service was very helpful and made sure that the order got filled eventually.

Turns out that one of the laptops I bought from them as a Vista system actually had been downgraded to XP, and badly done so that the right drivers were missing. Oh well, mistakes happen.

Now, though, I can't even browse their web site! Since switching our hospital system from transparent to non-transparent proxy (so that we can force user logins), I just get an error message on their site, "Sorry, but the activity from your computer has tripped an alert on our server. This maybe because you are using some form of web browsing accelerator software. If this is the case, please disable this software while browsing our site." There is a bypass -- type "GO" and press the button, be patient for a 30 second delay -- but it doesn't work.

Now, is this business really so swamped by bots or web accelerators or whatever that it can't manage, and has to block legitimate customers? Are they so far above their competitors that they can afford to annoy their customers and actually ask them to disable their web browsing accelerators? Since those possibilities are hard to to accept, I can only conclude that TechForLess is trying to screen out customers who don't fit their mould, who might just say "oh well" and go on to NewEgg where at least they can start shopping. TechForLess is by no means unique ... at least for international shoppers, there are many other businesses that seem more interested in keeping us away than in getting our business.

For ease international shopping, I have to give the prize to Amazon. In fifteen years and with hundreds of purchases on Amazon, I have never had a problem. If I want to ship to a new address, no problem. If my ip address is in Nigeria, or Kenya, or South Africa, no problem. No surprise cancellations, no denied credit cards, just good service (ok, now and then a little problem, but 99% good).

Broken Bridges

2008-06-20T00:44:00.001+01:00

We still remember Bevelyn's restaurant here in Jos as the "Broken Bridge Restaurant," since through the '90s it featured the beautiful mural shown on the right, of a long bridge (across San Francisco Bay??). As you can see, there was one small problem with the way the panels were placed, thus giving the restaurant its nickname.

That name has been going through my mind in the past couple of weeks as I've spent nearly half my time dealing with a certain type of network problem, the kind where you're on one side (usually the wrong side) of a broken bridge.

The problem is, you have to have both sides of a communication bridge working properly if they're going to function. When there is a breakdown in a local setting such as an office, it's not much trouble to go from one end to the other to sort out the problem. But what happens when one end of the bridge is a block or two away at another site, and there is no one there to help (and no good way to communicate even if there was someone)? The result is a lot of walking back and forth, trying one thing on one end, something on the other end, until the two sides can talk together again, to mix my metaphors.

Worse yet, our internet connections via satellite have broken down twice recently, both at Evangel and the SIM office. The network technicians could not solve or even diagnose the problem from their side, so I spent many, many hours following their instructions given over a barely intelligible cell phone, waiting and waiting to see what happened next, reporting back, and so on. If only we had the luxury of two connections, so that we could use the working "bridge" to get to the other side of the broken "bridge" and fix it.

In yet another metaphor, I'm learning (trying) to pay attention to which part of the branch I'm sawing off -- the part I'm sitting on or the far end. It's always tempting, when working over a remote connection, to change something and hope that it will work. It's often a risk worth taking, but sometimes I fall with the branch.

Suppose I am working over a wireless bridge, with one end in the office and another across the street, and I want to reconfigure the radios to talk to each other in dialect Y instead of dialect X. I have to first tell the far radio to change to language Y, then tell the local one to make the same change. If it works, fine. If it doesn't, I've sawn off the branch I was sitting on. I can change the local radio back to the way it was, because I'm connected to it, but the far radio is now dangling in never-never land--"I'm not hearing you, I'm not hearing you!" I have to walk to wherever it is and directly connect to it, to tell it "never mind, we'll stick with dialect X."

A simple solution, which I've never seen or heard of being actually implemented, would be for the radios to have a trial period whenever you make a change that might break the connection. In effect, the radio would say, "ok, I'll switch to dialect Y, but if I don't hear from you in 5 minutes, I'll assume that this didn't work and I will go back to dialect X." Operating systems like Windows do that when they change your graphics settings, with a button that says "Click to accept these settings, or I'll revert in 30 seconds" That saves you from the problem of having a totally messed up display and no way to change it back. Alas, with all their amazing technology, wireless network devices don't seem to have figured this out. But then, many don't even allow you to save and restore the settings that it took you so long to figure out.

As I finished writing this and sat wondering what the point was, it struck me that the greatest broken bridge story is the way God relates to people. He created a perfect world, including people, and loved his creation wholeheartedly, especially the people, but then they went and broke the relationship, the bridge. In the end, no kind of remote troubleshooting would to, and God put on his shoes and took a long journey to the other side of the broken bridge, to a zone barren and devastated by the long loss of contact. It cost his life, but the bridge was restored.

(cross posted from my main blog)

Top Ten Reasons for Switching to Vista

2008-01-09T20:44:00.000+01:00

Since I needed a new computer, I left my old laptop in Nigeria and had a new one waiting for me when I got to the US in early December. I intended to use Windows XP on it, but as it would cost more to order that way (i.e., more than getting it with Vista installed), I was going to use my personally-licensed XP Professional on the new one. Some complications prevented me from making that switch so I have been using the pre-installed Vista. I'd like to share what I see as the top ten reasons I can see why you, too, should upgrade to this new operating system.

You're having a quiet vacation and need something to do.
You're getting bored of the stability of Windows XP or your Mac, and want to try something more challenging. You like an interesting OS that keeps you guessing what will happen next, or you miss the fun of lockups and reboots you used to have with older versions of Windows.
Your current computer is running too fast, not giving you enough time to make and drink your coffee.
When you try to run a program, you'd like your system to ask you if you really want to run the program.
You'd like to have Google desktop, but don't want the bother of installing that free program. Plus, the Vista version has a picture puzzle you can play with.
You need an excuse to pay to upgrade to the latest version of your programs (otherwise, some won't run on Vista).
All your friends are will laugh at you if you stick with XP (actually, they're jealous).
You've got to have transparent menus and windows (though for this, I think, you'll need more than Vista Home Basic ... so be ready to pay a little more).
You need a way to use all those dozens of gigabytes of memory you have installed on your new machine.
You want to show Microsoft your support and appreciation.

Seriously, I'm quite convinced that Vista is a superior operating system, at least for businesses. Hopefully in a year or two the bugs will be worked out and it will be ready for me to try again. Meanwhile, when I get back to Nigeria, I'll be dusting off my XP Professional CD-ROM and starting another re-install.

(BTW, don't tell me to try Linux. I've got that installed also, in the Ubuntu flavor, but I still have too much invested in software and experience to abandon Windows.)

Juice Podcast Receiver Problem Solved

2007-08-31T23:44:00.000+01:00

Friends, don't bother reading this unless this is why you have come the blog. I'm only posting this here because it's the solution to a software problem and the answer doesn't seem to be found by Google, not easily at least.

Problem: Juice podcast receiver (a great freeware program) running on Windows platform suddenly stops working. It crashes while loading and gives a message "OSError: [Errno 2] No such file or directory - see c:\program files\juice\juice.exe.log" or something similar. If you check the log, you'll see something like:

Traceback (most recent call last):
File "gui.py", line 4, in ?
File "iPodderGui.pyc", line 3573, in main
File "ipodder\configuration.pyc", line 468, in __init__
File "os.pyc", line 153, in makedirs
File "os.pyc", line 154, in makedirs
OSError: [Errno 2] No such file or directory

Great help, isn't it? The short answer AFAIK is 1 of 2 things:

The drive letter has changed for the drive where the Juice program is installed, or

The download directory, where the podcasts are to be stored, is not available. In my case, this was because it's on a network share that was unavailable at one point, and had to be accessed by Windows Explorer (or a "net use" command) before it was made available again.

For more information, see this post in the Juice support forum.

Computer Doc in Jos

Creating an Autocompleting Association Input in Rails3 + ActiveScaffold + JQuery UI

How to Do It

The Details

Step 1: add the accessor functions to the member model:

Step 2: Replace the form's input for country_id with one for country_name:

Step 3: Create a lookup function to be called by JQuery.

Step 4. Set up JQuery

Change or Remove the Horizontal Line Above Footnotes in MS Word 2007

Energy-efficient LCD Monitors

Send and Receive Faxes Online – Free (or almost free)!

Ushahidi to map conflict in Jos, Nigeria

Trying out Free Smilebox – Flash Presentations from Your Photos and Videos

The Good

Limitations

Limitations on Free Version

The Bad

Create a high-security vault for your data in 5 minutes

Why use TrueCrypt?

Overview

Goal

Steps

Precautions

OK, let's do it

Protecting your sensitive data with TrueCrypt

How we use FrontlineSMS

Real Life Examples

Effectiveness

Summary

Using WSUS to save bandwidth, and how to set up an XP Home edition computer to use it

Twe2 is gone, but then I never did get it to work

Disaster Avoided -- A Corrupted Microsoft Access Database File

Don't neglect online backups

Dropbox: A free, low-bandwidth solution for online file sharing, syncronization and backup

Now you can use Twitter in Nigeria

Mobile Internet Services in Jos, Nigeria

Using a Blackberry phone in the bush in Nigeria

Don't Rely on Password Managers to Keep you Safe on Untrusted Computers

Can Password Managers Keep you Safe on Untrusted Computers?

Conclusion

A new blogging platform for Africa: Maneno

Password Managers: Brief review of three good products

Distinctive Features

RoboForm

PassPack

Clipperz

Which is best?

Will they protect you on a public computer?

Features Summary

Import/Export features

PassPack and Clipperz, head to head

Addendum and corrections arising from comments

Bluetooth inventor needed for aging Baby-boomers

Will a password manager let me check my email in a cybercafe?

Danger Ahead: Using the Cybercafe

Summary

What to do?

Balance the risks and benefits

Use your own laptop

Use a Linux Live CD

Limitations of Linux Live

If you have no other alternative ... making the computer safer

Shooting themselves in the foot? Blocking customers from your website.

Broken Bridges

Top Ten Reasons for Switching to Vista

Juice Podcast Receiver Problem Solved

Step 1: add the accessor functions to the `member` model:

Step 2: Replace the form's input for `country_id` with one for `country_name`: