Marianne Plays With Computers

My Digital Adventures

Dude, My Car’s Been Hacked! — August 15, 2015

Dude, My Car’s Been Hacked!

So I’m the last person in the world to break this story, but in case you haven’t heard, your car may now be vulnerable to hackers. Thankfully, Chrysler has issued a recall for the affected vehicles.

I know that we all want to be connected all the time, and that the convenience adds a lot to our lives. I don’t even remember how I used to get around town without GPS to guide me. I think I got lost a lot. And remembered exit numbers a lot better than I do now.

But this is the price we pay. For each convenience that allows helpful data in, a hacker sees a way to get their own data in instead. When you’re looking for your next vehicle, for each helpful little gadget, ask yourself what could happen if it went terribly wrong. When your doctor wants to monitor your health over the Internet, ask her how your private data is being protected. And if someone offers you a bionic implant that can be “updated” remotely, just say no.

Advertisements
Internet Privacy? — July 27, 2015

Internet Privacy?

As you’ve probably heard by now, cheaters’ dating site AshleyMadison has been hacked, and details about a sampling of accounts have been posted online. A claimed motive is the site’s “full delete” feature that promised users that their personal information and usage data stored by the website could be deleted with the payment of a fee. The hackers claim that this feature is “a complete lie.”

Although this is only the latest in a long string of information leaks, it is also one of the most sensitive. Since the website’s target audience is married people wishing to have an affair, most users presumably trusted that their information would be kept private. Although parent company Avid Life Media presumably never intended to break their customers’ trust, the results are the same.

So you’re not cheating on your spouse, so you have nothing to worry about, right? Well, I guess it depends on what kinds of things you worry about. So you don’t have an account on a hookup website. What have you been posting on your Facebook account? And what are your privacy settings? Do “friends of friends” know what city you live in and that you are on vacation out of state? Or even the whole world? What about your Instagram? Are your pictures telling strangers where your kids go to school and which Starbucks you frequent? What about that Google document where you wrote about your secret crush?

Everyone has a different tolerance for privacy, and that’s OK. But the Internet is not a good place for things that you want to keep private. Even if you’re doing everything right and have your settings all locked down, you still don’t have control over the information that you’re storing (or allowing someone else to store) on the Internet.

I try to keep some stuff private. I have my Facebook account pretty locked down, only letting friends see most of my posts. I only accept friend requests from people if I actually know who they are. I shut down my Instagram account a few years ago. (I didn’t use it that much, anyway.)

But.

I also assume that anything I put out there might become public some day. I don’t put anything on the Internet that I want to hide from anyone. I think twice before hitting post. I ask myself if I’m OK with my mom, my pastor, and my future employer seeing what I’m writing. Because you truly never know.

Java and XML — July 21, 2015

Java and XML

Now that I finally got the hang of JSON, guess what? I needed to do some XML parsing. Now, let me just say that we are very lucky nowadays. Everything you need to work with XML in Java comes built right in to the JDK. Back when I first started working with it, you had to find and download separate packages, and it was hard to find information. These days, XML is almost passé. And yet, here I am, needing to do a little old-fashioned XML parsing.

You’ll find everything you need to work with XML in the JDK somewhere under javax.xml. Today, we’re talking about XML parsing, which, go figure, is found under javax.xml.parsers.

There are two major types of XML parsing. (There are others, but these came first and are still the biggies.) Document Object Model, or DOM, creates a full tree-like representation of the XML document in memory. The advantage of this technique is that you can quickly travel up and down the tree in any direction you like, as much as you like. The disadvantage is that it takes a lot of memory to create the model, and it will be tied up as long as you are using it. DOM is good for applications that are highly dependent on the XML structure and need to refer to it multiple times. The other type is Simple API for XML, or SAX. SAX eliminates the memory hogging of DOM, but at the expense of passing through the document only once. It is good for applictions where you can grab the information you need in a single pass.

DOM

To get a DOM of an XML document, you’ll need a DocumentBuilder. And how do we get that, you ask? From a DocumentBuilderFactory, of course!

DocumentBuilderFactory factory = DocumentBuilderFactory.newInstnce();
DocumentBuilder builder = factory.newDocumentBuilder();

Once you have the builder, give it some XML data as a File, InputSource, InputStream, or URI:

Document xmlDoc = builder.parse(inputXml);

And now you can have some fun! Use the methods in Document to travel through the XML, search it, and even modify it.

SAX

SAX is a different way of thinking about XML from DOM, but still very powerful in its own way. Once again, you’ll want to start by creating a factory:

SAXParserFactory factory = SAXParserFactory.newInstance();

…and a parser:

SAXParser parser = factory.newSAXParser();

Here’s where it gets a bit more complicated. SAX is a callback parser. That means that you have to write an entire class to give to the parser that contains methods to handle the XML as it comes, and the parser will call the methods on the class as it streams through the XML. There are two classes you can use for this, but one is deprecated, so you will only want to use the other one.

The XML parsing class is org.xml.sax.helpers.DefaultHandler. This is a concrete class, so you could actually create and use an instance of it, but it wouldn’t be very helpful since the default implementation of the methods is to do nothing. But this is still handy for you because you can just not override any methods that you don’t care about. The methods you are most likely to use are:

  • startDocument()
  • startElement(String uri, String localName, String qName, Attributes attributes)
  • characters(char[] ch, int start, int length)
  • endElement(String uri, String localName, String qName)
  • endDocument()

The startDocument and endDocument methods are handy for any pre- or post-processing you need to do. The startElement method lets you know about an element’s opening tag, characters gives you any text between the tags, and endElement tells you the element is closed. There are also methods that will tell you when a warning or error occurs.

With DOM and SAX, you can parse any valid XML data and put it into a form that’s more useful to you.

Browser Wars — July 13, 2015

Browser Wars

In the 80s we had the cola wars. Then in the 90s, we had the the browser wars, and, if anything, people are even more passionate about their choice of browser than their beverage of choice. Sometimes you want a Coke, sometimes a Pepsi, and sometimes a Dr. Pepper. Sometimes, you may even crave a Pineapple Fanta. But lots of people, including me, are never going back to Internet Explorer.

W3Schools.com has browser usage statistics going back to 2002, when our choices were limited to Internet Explorer, Netscape, and (talk about a blast from the past) AOL. In those days, IE was the 800-lb. gorilla, with over 80% market share. Since then, however, usage has dwindled and now hovers in the single-digit range. I think AOL went broke sending people free CDs, but as broadband proliferated, plenty of other contenders entered the arena.

AOL disks from 1999 - 2003 for versions 4.0, 5.0, 6.0, 7.0, and 9.0. Thanks AOL for getting America online! via photopin (license)
AOL disks from 1999 – 2003 for versions 4.0, 5.0, 6.0, 7.0, and 9.0. Thanks AOL for getting America online! via photopin (license)

Today, the relatively new Chrome browser dominates. Mozilla’s Firefox is a distant second, and IEApple’s Safari (which is also available for Windows), and Opera round out the top five.

So which one to choose? Many Windows users just stick with IE, which comes conveniently pre-installed. Likewise, many Mac users see no reason to use anything other than Safari. Others, however, only use IE (or Safari) long enough to download their browser of choice.

Why? I’m a diehard Windows user (unless there is a Linux distro nearby), so I’m going to primarily talk about IE here. (Sorry, Mac fans.) IE has an unfortunate reputation of being bloated, insecure, and lagging in standards compliance. Microsoft has been doing a better job lately of making IE play nice with the rest of the web, but even they recognize that IE’s noteriety is hard to overcome. Windows 10, available later this month, will include a new browser called Microsoft Edge.

Firefox, and more lately Chrome, on the other hand, have reputations of being faster, more secure, and more customizable. They had features like tabs, plugins, and anonymous browsing long before IE did. But then every once in a while you get a bombshell like this one about Chrome sending your conversations back to Google.

So which should you choose? I say, pick the one that you like the best. Seriously. The most important thing you can do to have a safe browsing experience is to keep it updated. Set it to automatically update. If your browser tells you there is a new version available and asks if you want to install it, say yes. (After making sure it’s not just a scammy popup or something, of course. Go to the browser’s homepage or another trusted source rather than clicking on any links.) Some antivirus products will help you stay on top of this, too.

As long as you practice safe browsing, any modern browser will get you where you want to go.

The Big Breach — July 10, 2015

The Big Breach

Today’s post is about a topic that’s close to my heart. And my credit report.

As you may have heard, personal information belonging to millions of federal employees and others was stolen from the Office of Personnel Management and and the Interior Department. That was bad.

But this week, it’s come out that it’s not just personally identifiable information (PII) that’s been stolen, but fingerprints as well.

This brings up one of the major problems with using biometric identification as an authentication mechanism. Passwords can be changed. Credit cards can be replaced. In extreme cases, you may even be able to get a new social security number. But biometrics are, by definition, a part of you. You can’t just go out and change your voice print or get a new set of fingerprints.

I understand why the keepers of really important data use biometrics. “Something you are” is one of the fundamental authentication mechanisms. (The other two are “something you know” — like a password — and “something you have” — like a keycard.) And two-factor authentication is a must for any really important data.

But if your data is so important that you literally “want a piece of me” to allow me to work with it, then have the decency to protect it at least that well. Unfortunately, the federal government has a history of failing to protect the data in its charge.

The OPM director has resigned over this incident. It will be easy to say that the problem will be solved under a new director. Perhaps the next person to accept the responsibility of this office will in fact do better. But until those in charge value their employees’ personal data and their citizens’ trust more than their positions of power, we will continue to see incidents like this in the government.

Who am I and What am I Doing Here? — July 6, 2015

Who am I and What am I Doing Here?

Lest I repeat myself, you can check out my new About page to find out!

TL;DR

Basically, I’m here to help with computer and security problems. Some of my posts will be technical, and some not so much. Some may not even be directly related to technology. Especially here at first, I’m going to be experimenting with some different kinds of posts and trying to find my audience.

Anyway, I’m having fun, and I hope you enjoy reading my blog as much as I’m enjoying creating it!