Marianne Plays With Computers

My Digital Adventures

Think Before You Post — September 10, 2016

Think Before You Post

We’ve all seen them (at least, if you use Facebook). Fun little games where your friend posts a list of information about herself, and then asks you to copy it into your status and change it to give information about you. What’s the harm, you think.

There could be plenty.

Take a look at the kinds of things you’re asked to share. Your first car. Your best friend. The high school you went to. Know where I’ve seen those questions before? They’re common security questions. That’s those questions that you provide answers to in case you forget your password to a site, including things like your primary email and banking websites. With a handful of these answers, it’s possible for someone to take over your online identity, or even your bank account.

But I only let friends see my posts. They already know most of those things about me, anyway. Well, maybe. Did you know that if you write a public post your posts will continue to default to public until you change it? (The same goes for the other levels as well. I was wondering why nobody interacted with my posts for a while after I uploaded a picture with the privacy set to “only me.”)

Speaking of your friends, though, are they all really friends? I’m not saying that guy you haven’t seen or spoken to since high school is a cyber criminal, but I’m not saying that he’s not either.

Oh, and have you ever gotten a friend request from someone you had thought you were already friends with? Scammers can copy people’s profile pictures (which are public) and create a new profile with the same name. Then they can use that account to try to “friend” people on that person’s friends list (which is also public).

So next time, stop and think before you join in on the Facebook reindeer games. Your online and offline identity will thank you for it.

Wanna Be Scared? — October 31, 2015
Dude, My Car’s Been Hacked! — August 15, 2015

Dude, My Car’s Been Hacked!

So I’m the last person in the world to break this story, but in case you haven’t heard, your car may now be vulnerable to hackers. Thankfully, Chrysler has issued a recall for the affected vehicles.

I know that we all want to be connected all the time, and that the convenience adds a lot to our lives. I don’t even remember how I used to get around town without GPS to guide me. I think I got lost a lot. And remembered exit numbers a lot better than I do now.

But this is the price we pay. For each convenience that allows helpful data in, a hacker sees a way to get their own data in instead. When you’re looking for your next vehicle, for each helpful little gadget, ask yourself what could happen if it went terribly wrong. When your doctor wants to monitor your health over the Internet, ask her how your private data is being protected. And if someone offers you a bionic implant that can be “updated” remotely, just say no.

The Little Browser Hack That Helps Me Browse Safer — August 11, 2015

The Little Browser Hack That Helps Me Browse Safer

Although malware often needs to trick users into installing or running it, there are still drive-by downloads that can hurt your computer when you merely browse to an infected site. It may not even be a malicious site. Legitimate web sites have been defaced with malware. Even the advertising that keeps so much of the internet free can get you.

There’s a little trick you can do, though, that will keep you safer without being much more than a blip in your browsing. I read about this little browser tweak a few months ago, instantly implemented it, and haven’t regretted it a bit. You just prevent plugins from running in your browser unless you explicitly allow it.

In Chrome, click the menu (three vertical lines on the right-hand side of the toolbar) and select “Settings.” Scroll all the way down and click “Show advanced settings…” Under “Privacy,” click “Content settings…” Scroll down to the “Plugins” section and select “Let me choose when to run plugin content.” Click the “Done” button at the bottom.

Firefox has taken a different approach. The good news is that in newer versions of the browser many plugins no longer run by default. It will also warn you if the plugin is outdated or known to be vulnerable. However, if you want to review your configured actions, click the menu and select “Options.” Select “Applications” on the left. You can then scroll through the list of content types and review the action performed for each. One of the possible actions is “Always Ask,” which should give you functionality similar to Chrome’s.

Many web-based threats exploit plugins in your browser in order to do bad things. By taking control of the plugins, you can plug this hole in your system. It may result in a few seconds of inconvenience while browsing, but I think the safety you gain is worth it. Plus, there’s a bonus – no more obnoxious auto-play flash ads!

Internet Privacy? — July 27, 2015

Internet Privacy?

As you’ve probably heard by now, cheaters’ dating site AshleyMadison has been hacked, and details about a sampling of accounts have been posted online. A claimed motive is the site’s “full delete” feature that promised users that their personal information and usage data stored by the website could be deleted with the payment of a fee. The hackers claim that this feature is “a complete lie.”

Although this is only the latest in a long string of information leaks, it is also one of the most sensitive. Since the website’s target audience is married people wishing to have an affair, most users presumably trusted that their information would be kept private. Although parent company Avid Life Media presumably never intended to break their customers’ trust, the results are the same.

So you’re not cheating on your spouse, so you have nothing to worry about, right? Well, I guess it depends on what kinds of things you worry about. So you don’t have an account on a hookup website. What have you been posting on your Facebook account? And what are your privacy settings? Do “friends of friends” know what city you live in and that you are on vacation out of state? Or even the whole world? What about your Instagram? Are your pictures telling strangers where your kids go to school and which Starbucks you frequent? What about that Google document where you wrote about your secret crush?

Everyone has a different tolerance for privacy, and that’s OK. But the Internet is not a good place for things that you want to keep private. Even if you’re doing everything right and have your settings all locked down, you still don’t have control over the information that you’re storing (or allowing someone else to store) on the Internet.

I try to keep some stuff private. I have my Facebook account pretty locked down, only letting friends see most of my posts. I only accept friend requests from people if I actually know who they are. I shut down my Instagram account a few years ago. (I didn’t use it that much, anyway.)


I also assume that anything I put out there might become public some day. I don’t put anything on the Internet that I want to hide from anyone. I think twice before hitting post. I ask myself if I’m OK with my mom, my pastor, and my future employer seeing what I’m writing. Because you truly never know.

Java and XML — July 21, 2015

Java and XML

Now that I finally got the hang of JSON, guess what? I needed to do some XML parsing. Now, let me just say that we are very lucky nowadays. Everything you need to work with XML in Java comes built right in to the JDK. Back when I first started working with it, you had to find and download separate packages, and it was hard to find information. These days, XML is almost passé. And yet, here I am, needing to do a little old-fashioned XML parsing.

You’ll find everything you need to work with XML in the JDK somewhere under javax.xml. Today, we’re talking about XML parsing, which, go figure, is found under javax.xml.parsers.

There are two major types of XML parsing. (There are others, but these came first and are still the biggies.) Document Object Model, or DOM, creates a full tree-like representation of the XML document in memory. The advantage of this technique is that you can quickly travel up and down the tree in any direction you like, as much as you like. The disadvantage is that it takes a lot of memory to create the model, and it will be tied up as long as you are using it. DOM is good for applications that are highly dependent on the XML structure and need to refer to it multiple times. The other type is Simple API for XML, or SAX. SAX eliminates the memory hogging of DOM, but at the expense of passing through the document only once. It is good for applictions where you can grab the information you need in a single pass.


To get a DOM of an XML document, you’ll need a DocumentBuilder. And how do we get that, you ask? From a DocumentBuilderFactory, of course!

DocumentBuilderFactory factory = DocumentBuilderFactory.newInstnce();
DocumentBuilder builder = factory.newDocumentBuilder();

Once you have the builder, give it some XML data as a File, InputSource, InputStream, or URI:

Document xmlDoc = builder.parse(inputXml);

And now you can have some fun! Use the methods in Document to travel through the XML, search it, and even modify it.


SAX is a different way of thinking about XML from DOM, but still very powerful in its own way. Once again, you’ll want to start by creating a factory:

SAXParserFactory factory = SAXParserFactory.newInstance();

…and a parser:

SAXParser parser = factory.newSAXParser();

Here’s where it gets a bit more complicated. SAX is a callback parser. That means that you have to write an entire class to give to the parser that contains methods to handle the XML as it comes, and the parser will call the methods on the class as it streams through the XML. There are two classes you can use for this, but one is deprecated, so you will only want to use the other one.

The XML parsing class is org.xml.sax.helpers.DefaultHandler. This is a concrete class, so you could actually create and use an instance of it, but it wouldn’t be very helpful since the default implementation of the methods is to do nothing. But this is still handy for you because you can just not override any methods that you don’t care about. The methods you are most likely to use are:

  • startDocument()
  • startElement(String uri, String localName, String qName, Attributes attributes)
  • characters(char[] ch, int start, int length)
  • endElement(String uri, String localName, String qName)
  • endDocument()

The startDocument and endDocument methods are handy for any pre- or post-processing you need to do. The startElement method lets you know about an element’s opening tag, characters gives you any text between the tags, and endElement tells you the element is closed. There are also methods that will tell you when a warning or error occurs.

With DOM and SAX, you can parse any valid XML data and put it into a form that’s more useful to you.

Browser Wars — July 13, 2015

Browser Wars

In the 80s we had the cola wars. Then in the 90s, we had the the browser wars, and, if anything, people are even more passionate about their choice of browser than their beverage of choice. Sometimes you want a Coke, sometimes a Pepsi, and sometimes a Dr. Pepper. Sometimes, you may even crave a Pineapple Fanta. But lots of people, including me, are never going back to Internet Explorer. has browser usage statistics going back to 2002, when our choices were limited to Internet Explorer, Netscape, and (talk about a blast from the past) AOL. In those days, IE was the 800-lb. gorilla, with over 80% market share. Since then, however, usage has dwindled and now hovers in the single-digit range. I think AOL went broke sending people free CDs, but as broadband proliferated, plenty of other contenders entered the arena.

AOL disks from 1999 - 2003 for versions 4.0, 5.0, 6.0, 7.0, and 9.0. Thanks AOL for getting America online! via photopin (license)
AOL disks from 1999 – 2003 for versions 4.0, 5.0, 6.0, 7.0, and 9.0. Thanks AOL for getting America online! via photopin (license)

Today, the relatively new Chrome browser dominates. Mozilla’s Firefox is a distant second, and IEApple’s Safari (which is also available for Windows), and Opera round out the top five.

So which one to choose? Many Windows users just stick with IE, which comes conveniently pre-installed. Likewise, many Mac users see no reason to use anything other than Safari. Others, however, only use IE (or Safari) long enough to download their browser of choice.

Why? I’m a diehard Windows user (unless there is a Linux distro nearby), so I’m going to primarily talk about IE here. (Sorry, Mac fans.) IE has an unfortunate reputation of being bloated, insecure, and lagging in standards compliance. Microsoft has been doing a better job lately of making IE play nice with the rest of the web, but even they recognize that IE’s noteriety is hard to overcome. Windows 10, available later this month, will include a new browser called Microsoft Edge.

Firefox, and more lately Chrome, on the other hand, have reputations of being faster, more secure, and more customizable. They had features like tabs, plugins, and anonymous browsing long before IE did. But then every once in a while you get a bombshell like this one about Chrome sending your conversations back to Google.

So which should you choose? I say, pick the one that you like the best. Seriously. The most important thing you can do to have a safe browsing experience is to keep it updated. Set it to automatically update. If your browser tells you there is a new version available and asks if you want to install it, say yes. (After making sure it’s not just a scammy popup or something, of course. Go to the browser’s homepage or another trusted source rather than clicking on any links.) Some antivirus products will help you stay on top of this, too.

As long as you practice safe browsing, any modern browser will get you where you want to go.

The Big Breach — July 10, 2015

The Big Breach

Today’s post is about a topic that’s close to my heart. And my credit report.

As you may have heard, personal information belonging to millions of federal employees and others was stolen from the Office of Personnel Management and and the Interior Department. That was bad.

But this week, it’s come out that it’s not just personally identifiable information (PII) that’s been stolen, but fingerprints as well.

This brings up one of the major problems with using biometric identification as an authentication mechanism. Passwords can be changed. Credit cards can be replaced. In extreme cases, you may even be able to get a new social security number. But biometrics are, by definition, a part of you. You can’t just go out and change your voice print or get a new set of fingerprints.

I understand why the keepers of really important data use biometrics. “Something you are” is one of the fundamental authentication mechanisms. (The other two are “something you know” — like a password — and “something you have” — like a keycard.) And two-factor authentication is a must for any really important data.

But if your data is so important that you literally “want a piece of me” to allow me to work with it, then have the decency to protect it at least that well. Unfortunately, the federal government has a history of failing to protect the data in its charge.

The OPM director has resigned over this incident. It will be easy to say that the problem will be solved under a new director. Perhaps the next person to accept the responsibility of this office will in fact do better. But until those in charge value their employees’ personal data and their citizens’ trust more than their positions of power, we will continue to see incidents like this in the government.

Who am I and What am I Doing Here? — July 6, 2015

Who am I and What am I Doing Here?

Lest I repeat myself, you can check out my new About page to find out!


Basically, I’m here to help with computer and security problems. Some of my posts will be technical, and some not so much. Some may not even be directly related to technology. Especially here at first, I’m going to be experimenting with some different kinds of posts and trying to find my audience.

Anyway, I’m having fun, and I hope you enjoy reading my blog as much as I’m enjoying creating it!

JSON with Jackson – Old School — July 4, 2015

JSON with Jackson – Old School

I needed to construct and read some JSON data, and Jackson happened to be the tool that was on hand. I later found out that it wasn’t the latest version, though. We have been using it for a while, so the version we have is 1.9, and a non-backwards compatible version 2 had subsequently come out. For extra fun, the repository that had hosted the Jackson project and its archived shut down forever right in the middle of my project. So when I wanted to reference the javadocs, Google mostly wanted to send me to the now-defunct site. I did finally manage to find a zip file of them to download to my PC here.

So if you’re also kickin’ it old school with Jackson, it doesn’t have the most intuitive interface, but once you get used to it, it’s not difficult to use it to create and read JSON.

To create JSON content, start with a JsonFactory:

JsonFactory factory = new JsonFactory();

Use the factory to create a JsonGenerator:

JsonGenerator generator = factory.createJsonGenerator(outputStreamOrWriterOrFile);

Use the write* methods on the generator to create JSON:

generator.writeStringField("name", "field");
generator.writeNumberField("value", 42);

And don’t forget to close when you’re done (ask me how I knew that!):


You can then take the OutputStream, Writer, or File and use it to do stuff with your JSON.

By the way, the code above should produce this JSON: