Geek Life....
photography, programming, site design, networking, computers, linux, windows, mac os x, application reviews...
Nov
19
Quickpost – Easy browser/version/platform specific CSS targeting via jQuery
cross browser, css, css level, css reset, jquery, programming
For the last year or so, I’ve solved browser specific CSS issues using a lightweight jQuery plug-in by Jon Hobbs-Smith named BrowserDetect.js. This solution allows us to target specific browsers, and browser versions via CSS selectors injected into the Body class.
Lately though, I’ve noticed a few bugs creeping into some of my work where a specific browser version gives slightly differing results across the three main platforms, Mac, Win, Linux. So I spent some time both refining browserDetect.js and have added functionality that allows me to target the platform as well.
As it sits right now, you can target a fairly granular range of variables compared to the original:
- a specific browser
- a specific browser version
- a specific browser running on a specific platform
- a specific browser version running on a specific platform
- a specific platform
And here’s what the body tag CSS selectors looks like in Firefox 8 on my Mac:
<body class="Firefox Firefox8 FirefoxMac Firefox8Mac Mac">
Download the code: css-level.js
May
14
Why the FTC need to raise the bar on their hiring standards.
bandwagon, complaint, dropbox, encryption, ftc, hbgary, privacy, Security, wired
Wired recently published an article on a new FTC complaint filed by Christopher Soghoian. Soghoian is a PHD as well as having been the first real cyber-ninja to be employed by the FTC’s Division of Privacy and Identity Protection. That being said, it discourages me that the information presented was at such a low level of expertise.
After reading through the Wired article and following up with the link to Soghoian’s blog post; I’ve come to only one surprising conclusion. It takes a few years and a PHD to figure out that Dropbox isn’t secure???
Over two years ago I spent 5 minutes evaluating Dropbox as a solution to a small client’s backup problem. I had quickly knocked Dropbox off the list due to two defining facts.
1) Dropbox is not Pro grade for business. It’s consumer-grade, targeted towards the same user base that upload drunk photos of themselves to Facebook then cry about privacy. There are plenty of other services that offered business grade services. (i.e. Jungledisk.)
2) Dropbox’s ‘share’ feature meant that the company’s claim of being secure had to be completely false. If Dropbox has the ability to allow a completely unrelated user access to my files, then they obviously have the encryption keys.
No PHD, no affiliation with a national commission. This isn’t rocket science. I don’t like the fact that Dropbox isn’t holding true to their claims but if you’re going to fight them over it, please do a little better than flashing your badge and offering zero data to support your findings.
Soghoian’s claim seems to revolve around one interesting fact. Fellow FTC cyber warrior Ashkan Soltani, “was able to verify”, that uploading the same file to two accounts results in the second copy taking up considerably less bandwidth and time to upload. He states that this took only a few minutes with a packet sniffer to determine that a 6.4MB file used only 16k of network traffic to upload to the second account after being uploaded to the first.
Why was a packet sniffer used? Why wouldn’t you simply upload a 10MB file (even number) and see if the second upload completes almost instantly. This is rather unscientific but the test is only a couple of minutes and will easily confirm the theory right then and there. What was in the 16k of traffic? A scientific mind would want to know. Why was it a 6.4MB file? Sounds like it was a file just sitting on the desktop and thrown into a ‘scientific’ test environment in which zero controls were put in place. Where is the data collected? If you go all out and test with a packet sniffer you could at least present the captured data without any filters applied. This way we can make our own conclusions.
With Soghoian’s level of expertise then, It’s no surprise that he suggests that law enforcement or copyright ‘trolls’ could upload sample files and based on the short-upload time, determine whether someone on Dropbox has the files. It does not occur to him that despite being a nice idea and all, that it is negated by simply adding or modifying any part of a file, or that several variation of each file are available across various areas of the Interwebs. Law enforcement or copyright ‘trolls’ (I hate that term) only require filenames and a court order to have Dropbox hand over a list of users with the file.
Perhaps one of the worst parts of Soghoian’s blog post is where he states that, “Dropbox is likely calculating hashes of users’ files before they are transmitted to the company’s servers.”
If you are making an assumption and stating that something is ‘likely’ to be the case, it would be nice to at least verify your claim. A simple test of this theory would be to drop a 500MB file into Dropbox and watch the network for activity. If the Dropbox client software is computing hashes before sending the data to Dropbox then it should take a few seconds at least to compute a hash for a 500MB file. My own test proved this to be false… the 500MB file started uploading instantly after being dropped into the folder. Hashing is not performed on the client side.
In closing, I’m not defending Dropbox at all; I’m simply annoyed that I see incompetence at all levels. Recently during the whole HBGary incident, it became apparent to me that even in support structures for Government and big banks, idiots seem to hold key positions. This scares me.
Sep
08
Yes, I forgot my lunch today….
su -
*******cd /usr/share/fridge/yourspot
chown -R me urlunch.bag
chmod -R 700 urlunch.bagfor i in urlunch.bag/*; do grep -v ‘veg’ “$i” >> /tmp/belly.tmp ; rm -f “$i”; donemv /tmp/belly.tmp > /dev/nullfbookcmd status BURP!
dd if=/dev/urandom of=urlunch.bag/baggie bs=1024 count=1000
dd if=/dev/urandom of=urlunch.bag/coke bs=725 count=1
chown -R you urlunch.bag
echo “nanananana!” | mail -s “THANKS!” “you@here.now”
with enhancement from @area256
Jun
14
I’ve always understood that running the latest release of any software generally is safer, faster, and more compliant with my needs and expectations than running otherwise.
Of course, there are times when you want (*need*) to wait a little before adopting service patches or security patches… i.e. production servers would do well to take a few days after Patch (or Black) Tuesday and let other people bear the brunt of any potential issues like this, this or any of these.
Jun
13
Browser Compatibility has come a long way in the past couple of years. That being said, still we find web developers hacking site code to produce acceptably similar results across the playing field.
Recently, most browsers are starting to really kick into high gear with the all new HTML5 and CSS3 support. This is a good thing. What isn’t so cool though is that once again, Internet Explorer and Microsoft in general have thrown a monkey wrench into what should have been next years end to cross-browser compatibility woe’s.
Jun
06
Welcome to the new site. I won’t bore you with a first post full of geek stuff…. here’s some of my old photoblog pics instead :) Clicking on them gives a full view with photo info.
The new site is a hand-coded (blood-curdling) theme running on top of the WordPress back end. Some day I will have to post some of the techiness behind designing, building and implementing such a beast. Lots of Photoshop, CSS, jQuery, html, etc etc etc.
Stay tuned for application reviews, network tech, programming, site design, photography, and much more nerdy crap than you can handle.
