Category Archives: Internet

Facebook: Download your information

Facebook downloadI had a quick look at Facebook’s Download Your Information feature — evidently added a few months ago due to criticism about the accessibility of people’s data once it’s dumped into the Facebook bottomless pit.

You can find it via the My Account screen, by clicking Download Your Information.

It asks for some time to compile all the information — in my case this took about half an hour — then emails you to say it’s ready to download, and provides a link and re-checks your password.

It comes as a single zip file, with HTML and pictures inside it.

Opening the index.html file, you’ll find a version of your Profile page, with links to all the other information in the archive, including Wall, Photos, Friends, Events, Messages.

The Wall in my case was 1.5 Mb of HTML, going back to 2007, and I suspect is every Wall post (and replies from friends) I’ve ever made. Friends is just an unlinked list of all your friends (name only). Messages has all your message threads, and replies.

You can browse the photos via the directory of the same name; subdirectories reflect the folders. It looks like all the photo files are at the size that Facebook shrunk them down to when they were uploaded.

To actually get this information into another service, you’d need to do some trickery with munging the HTML. The code they’ve used seems relatively clean and easy to parse.

So all in all, quite a handy feature, and goes a long way towards dispelling fears that information pumped into Facebook was lost forever behind a zillion clicks of to show “Older Posts”.

(It doesn’t appear that Twitter has a comparable feature.)

Gmail irritation #1

Sometimes Gmail decides your session has expired, when you’re in the middle of writing an email.

Gmail: Your connection has expired

If you’re lucky you might be able to copy the text from the draft out. If not, the most recently saved draft may or may not be up to date.

This is bad design. Why interrupt like this when you’re in the middle of something?

If you must have sessions that expire, than at least give the user a bit more time to actually finish what they’re doing — send and/or exit the draft — and then ask them to logon again.

Citylink: Poor security

Interesting article from The Age about Melbourne’s Citylink (Transurban) falling foul of a Google Chrome error: There’s no space like Chrome

Leaving aside the introduction, with its very amusing description of Google Chrome OS as:

an internet-infused operating system for computers that takes on Microsoft’s MS-DOS

… it talks about the Google Chrome browser refusing to connect with the Citylink web site due to an SSL error.

I tried to connect (I have an account there) and sure enough got an error when trying to logon.

Here’s the detail from Google:

ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY
This error can occur when connecting to a secure (HTTPS) server. It means that the server is trying to setup a secure connection but, due to a disastrous misconfiguration, the connection wouldn’t be secure at all!

In this case the server needs to be fixed. Chrome won’t use insecure connections in order to protect your privacy.

You may find that the site works in other browsers. This is because other browsers, unknowingly or intentionally, work around the broken servers. But this doesn’t change the fact that the servers have a glaring security hole and should be fixed.

Technical details

This error message is triggered if the SSL/TLS handshake attempts to use a public key, smaller than 512 bits, for ephemeral Diffie-Hellman key agreement.

For website administrators

If your website has this problem, either:
1. use a 1024-bit (or larger) Diffie-Hellman key for the DHE_RSA SSL cipher suites, or
2. disable all DHE SSL cipher suites.

The Age article seems to assume that Citylink must use a 1024 bit key… but then, if the writer thinks Google Chrome OS is trying to compete with MS-DOS, it’s clear he may not be the most IT-savvy person.

My reading of the error is that it’s a combination of the DHE keu agreement and the small key that is the problem. I’m not a net security expert, but that’s what point 2 appears to be saying.

It’s certainly not the case, as implied in the article, that they must use a massive 1024-bit cipher key — I’ve just logged into the Commonwealth Bank’s site, and all is working fine with their 256 bit key.

While Citylink/Transurban might be whinging that they’ve done nothing wrong, given all the other secure sites I use with Chrome are working perfectly, the conclusion I come to is that indeed there is a misconfiguration on their end.

It’s important that they get this right. After all, one wouldn’t want personal information being transmitted insecurely. It could get picked up by a passing Google Streetview car doing packet sniffing!

Update 10:45am: The reference to MS-DOS has now been removed from the article, which now reads: an internet-infused operating system for computers that takes on Microsoft.

It also no longer says Only one browser was available… in 2000, but has been changed to say One browser was dominant.

Yahoo groups spam

On a couple of Yahoo Groups I’m on, we’ve noted spams coming through from long-time members in the last week or two.

The good news is there’s no need to panic. Most probably a spammer out there has worked out that person X posts to list Y, and is forging emails from them from a remote location. Which means it is unlikely that X’s computer has been compromised. (Though of course it’s good practice to have virus protection and regularly do scans.)

If you’re an Admin of a Yahoo Group, you might like to check the Posting settings (group management / Group Settings / Messages / Posting and archives). There is a Spam Filtering option which I believe is switched off by default (it might be a newly added setting).

On the groups I’m on, we had spam coming through, but setting the Filtering on seems to have prevented more of it.

How to fix YourTV.com.au’s annoying Sydney default

I quite like the YourTV.com.au web site. The TV guide it displays is quite usable, and can be customised to show your correct channels.

But why does it keep forgetting your region every few weeks, and reset itself to metro Sydney?

Your TV Sydney default

Very irritating. (Well, if you live outside metro Sydney.)

Using your web browser, you can check the cookies. This article describes how, in various browsers.

That’s where the problem is: it looks like the “TvFixGuide” cookie, which seems to hold details of what region you’re in, is only set for a month.

Your TV cookie

It doesn’t look like either browser allows you to extend the time range of the cookie, or otherwise modify it. I suppose there’s legitimate reasons for that.

It is possible to hack it by deleting the cookie, setting your computer’s clock, say, a year into the future, before going back to the site and setting the option.

Yep, it seems to work:

Your TV cookie modified

Don’t forget to set your clock back afterwards.

Twitpic makes you follow them

The other day I noticed I was following @Twitpic on Twitter. I use Twitpic, really like the service (esp as I haven’t yet sat down and got my mobile to Flickr and Twitter posting working yet) but I don’t remember following them.

This morning, much more sinister, I notice I’m somehow following Twitpic founder @noaheverett.

Something is afoot. Could it be that Twitpic is abusing their access to my Twitter logon, and using the API to make me follow them?

A Twitpic Twitterer mentioned the option is on this page. But I’ve been using Twitpic for about 18 months, and I’ve never seen that before — and it’s only in the last week that I’ve seen @Twitpic and @noaheverett tweets show up.

Apparently it’s new, added 20 days ago, and people see if once, after logging on. Maybe they’ve sneakily switched everybody on by default, or maybe I just wasn’t paying attention, because I don’t recall seeing it, and I try and restrict how many people I follow very carefully. I might have opted-in for @Twitpic, but definitely not @noaheverett.

Or maybe, since only pops up during logon, I haven’t needed to re-login recently. I notice if you go back to it, it defaulted the option on again.

Not sure if this was something sneaky by Twitpic, or just not very well thought-through.

Facebook Scrabble unstoppable advert

Oh Scrabble, you bastards.

Facebook Scrabble unstoppable ad

This new advert appears when opening up Facebook Scrabble (the international version).

Gripes:

  • Total advert length might be 45 seconds or more
  • Sometimes it’s a video advert, sometimes it’s a moronic Flash game or one of those stupid “You have a new message!” mock emails
  • Looks like you can’t stop it until there’s only 15 seconds left. After that it seems a Continue button appears
  • For videos, once advert has buggered off and the game fully loaded, the player details don’t appear properly. The video advert has stuffed it. Everybody remains “Anyone”

Apparently we weren’t paying the adverts enough attention, now they want to shove it in our faces.

Way to piss off your users.

Looks like I can stop recommending Scrabble on Facebook to people.

Damn you Facebook

I just want to look at a photo a friend has posted. No doubt the app in question makes it very easy for my friend to post the photo, but it’s difficult for me to see it without handing over a bunch of control to the app.

Facebook Photo of the Day app permissions

Now, I know it’s not Facebook’s fault specifically, but c’mon, why do I need to give an application access to my Profile and details of my friends just to look at a photo? I don’t want to do that.

Surely they could change the FB API around so it’s easier to have simple interaction with an application (eg to just look at the photo, not post my own) without handing over this kind of permission?

But then the app wouldn’t spread so fast virally, would it.

The fact that this kind of stuff is so typical is not exactly training users to be careful about minding their privacy online.

Fortunately in this case, it appears that the app is just re-broadcasting a photo from the user’s existing collection of photos, so I’ve been able to hunt it down and look at it there.

Of course, it’s in the FB photos standard lowish resolution, no bigger copy available, but that’s another story.

Google’s buggy and annoying custom backgrounds

Google’s introduced custom background images for its plain search page.

You know what? I find it annoying. It’s just slowing down the page, and making it less readable.

google-background

And the clincher is… you can’t turn it off! Initially there’s a very well-concealed link at the bottom left to do it, but once you take a look at the options and try it out, that becomes a “Change background image” option, and there’s no way to remove it completely.

I’ve also seen it momentarily change to a “Remove background” link, but it doesn’t work — instead it changes back to a default picture.

Seriously, if I wanted this kind of crap, I’d use Bing.

Under Editor’s Picks, there is an option for a white background (as well as other colours), but choosing white is not very readable, because the writing has also been changed to white, with a grey shadow. For now, I’ve switched it to the blue one, which isn’t excessively bad, but I’d like it gone completely.

Mashable has found there are a couple of not-very-convenient ways to turn it off:

Go to http://www.google.com/webhp?hl=all

or use HTTPS, eg https://www.google.com/

Attn: Google, by all means offer this as an option, but for heaven’s sake provide an easy way to turn it off.

Update: Google blog post about this (via Richard Thornton.)

Update 8am Friday: They’ve fixed the bug, so the Remove Background Image link now works. As this update notes: Due to a bug, the explanatory link did not appear for most users. As a result, many people thought we had permanently changed our homepage, so we decided to stop today’s series early.

Call me crazy, but maybe they should have tested it properly before turning it on. (Thanks again Richard)

Month one with NetSpace: two support calls

One two occassions I’ve had to call NetSpace, my new ISP, because the Intertubes went away.

On both occasions, I was on hold for quite a while – 40 minutes, Thank the Lord and Maker that He Invented handsfree telephones.  On the second call the support guy helpfully pointed out that they could have called me back if I’d pressed “1”, and then clarified that I wouldn’t lose my position in the queue.  Mental note for next time.  Trouble shooting in both took more than a half hour, and assumed that there was a working Windows box in the house – that was a bit of a stretch.

Both calls to NetSpace were for the same problem – Authentication Failure.  No, we didn’t forget the password to the account.  For the first call, it appeared that the problem was resolved when the modem settings were altered from the factor default (and ISP specified) PPPoE to PPPoA (VC-BASED); the second required changing the account password, and changing it back.

This does not bode well, and I expect there will be a next time.

What am I meant to do when my home phone is a VoIP phone?

Sensis Yellow Pages

Dug this up from a five-year-old draft:

Sensis are nuts. They’ve totally shot themselves in the foot, and they’ve only got a limited amount of time to plug the gap before their Yellow Pages foot falls off completely.

Yellow Pages on the web doesn’t contain entries for all of the businesses listed in the physical Yellow Pages. Sensis charges businesses extra to list on the web. Not many have taken Sensis up on that option, meaning that YPW has remarkably few businesses listed – and because YPW has few businesses, consumers don’t turn to YPW to find businesses. And because of that, fewer and fewer businesses are listing… and so the death spiral goes.

If anyone there had one ounce of sense (sic), they’d be giving web listing away for free, or even negative price. For a while, while the network effect was being established. Then the charges would start hiking up, and the profits rolling in. But no, they had to try to be profitable before the monopoly was established. Bang! bang! Wow, my foot hurts.

I don’t think I was wrong.  When’s the last time you used the yellow pages online to find… anything?