Monday, 12 June 2017

Hacking TiddlyWiki (again)

So once again I'm back in Oxford hacking TiddlyWiki stuff.


Now I realise that I have seriously neglected this blog, because the last time I wrote about this was the last time I actually wrote an article. That's not because I'm not doing Tech Stuff, it's just that most of the Tech stuff I'm doing is not for public consumption.

So if you want to see an actually functional TiddlyWiki then try http://www.kizar.co.uk/TW/library.html

And somebody remind me to post here more often.

Saturday, 16 July 2016

Hacking TiddlyWiki

Now before you get all uppity, this is hacking in the traditional sense. i.e. making something better.

"But what on Earth is a TiddlyWiki?" I hear you ask.

Actually, it's kind of hard to describe. Well you've heard of Wikipedia? Imagine a personal version of Wikipedia that contains all your personal content of "whatever" in one easy to use system. Better yet, imagine a system where you don't actually need to use any software other than a web browser. To best describe it, in it's own words it is "a unique non-linear notebook for capturing, organising and sharing complex information."

At it's core each component of content is broken down into "Tiddlers". Essentially a text space with a title (and optional tags) which you can then cross link to other content. As such you can build up a complete web page for whatever kind of content you choose. But one of the best features of this system is that it is just an html file (with a lot of JavaScript that handles the core functionality. You can keep it on your personal file system, or because it is a web page, you can host on a web server, or better yet, via DropBox or other cloud services.

I am current at the TiddlyWiki European Meetup where we are working on the next versions of the core systems.

You can find your own personal TiddlyWiki at http;//tiddlywiki.com



Monday, 15 June 2015

Keeping your portable data "secure"

I recently attended the Info Security Europe conference held at Olympia, London. It was a huge three-day event (although I only went on the first day) with a number of high profile security, anti-virus and other related companies trade stands.

Not only that, but there were also a number of live hacking events, seminars, presentations of all-sorts (mostly sales pitches) and a few off-beat companies who provide specialist services.

I wasn't there for the sales pitches. Not interested in monitoring software. Not wanting to purchase hardware. I was looking for information and useful tools.

OK, I tell a lie. Although I wasn't looking to buy hardware, I did come across one company that was selling something a little unusual and very interesting. The company in question sold USB and SSD drives that were encrypted and hardware password protected.

The company in question was iStorage,

and the product which caught my eye was the datasur USB drive.

Now for years I've used a multi-boot USB drive for my most important tools. I used YUMI to handle the drive installation where I can boot the disk into multiple platforms. But this was on an unprotected drive, where if people could have got hold of it they could have used it as well. I had to use a TrueCrypt partition to protect some of the data on there, but it was always a pain loading the partition after the boot. So now there was the chance of having a secure drive right off the bat. So I bought one right there and then at the show.

A couple of days later and DHL dropped off a small packet with the enclosed drive. The device itself is very easy to use. It comes pre-formatted with a copy of the manual sitting in the root directory and a little data card which gives the default PIN and information about how to go about changing it. Needless to say, I changed the PIN. This was now my secure drive of choice.

So I fired up YUMI, got together a collection of my most useful .ISO images (which I always have handy anyway) and started getting things running. It was at that point my elation died as did, it seems, my drive. After running YUMI and installing my copy of Kaspersky Rescue Disk (always my first install of any new drive), the drive promptly detached and became unusable. Looking in the device manager it simply showed up as an unknown USB device. According to the instructions, if you get the access code wrongly ten times in a row then the drive should reset. So that's what I did. But to no joy, the device was still unusable.

So I contacted the iStorage support team to ask for help. They immediately dispatched a brand new drive without question. The failed disk I sent back to their Technical Support department. It was later determined that the failure was due to a faulty controller. Not due to an incompatibility with the YUMI multiboot configuration which was my first thought.

The moral of this story is one of user satisfaction. The iStorage Support Deptartment spared no expense to ensure that I, as a customer, was satisfied which their product. As in all businesses, if you don't have happy customers then your business model is wrong.



My only criticism with this device is an odd one. As I mentioned before if you enter the wrong code, 10 times in a row, then the drive is wiped and scrambled. So anybody who physically gets hold of your drive can blank it in just a few seconds and wipe all your valuable data. So there is a difference between accessible security and deletion security. It's harder to wipe a normal drive since you have to access it then wipe it via the computer.

But it all depends on what sort of data you keep on the drive. You did remember to keep secure backups of your important stuff didn't you?

Wednesday, 18 March 2015

Keeping Terry Pratchett alive

In Terry Pratchett's novel "Going Postal", anybody who dies in the service of the Clacks is kept alive by their name being transmitted over the wires. "A man is not dead while his name is still spoken," as one character puts it.

There has been a discussion on Reddit to immortalise Terry Pratchett's name in a similar manner. By adding his name to the X-Headers that are sent with every web request.

You can add this entry by simply selecting your website in the Web Configurations section of Domino and creating a Rule, like so:


My small contribution to a great man I once had the honour of meeting. I'll treasure my signed copy of the Colour of Magic.

Monday, 9 March 2015

DropBox and Server logs

If, like me, you run a few servers then your log files are vital to determining the health of your systems. The logs generated may be huge. Some are daily. Some are weekly. Some are only generated when a server encounters a problem and resets. Some are boring. Some are so damn useful in tracking down that annoying bug.

But all of them should be kept and analysed.

I've lost track of the number of times I've seen websites under attack. Some of these attacks are insidious in the way they are undertaken. The attacks themselves are spread out over time so that it's almost to distinguish the attacks from regular usage. Other attacks simply bombard your server with a high frequency that sends your server into fits of 404's and 500's.

But one thing you really need is to get those logs into a place where they can be assessed and archived. Now I have servers all over the place. But the servers which generate those logs are not accessible except via remote control which is time consuming and laborious to setup. So how can I get those logs into a central location?

Cue DropBox.

If you can install DropBox on the server then setting your log files to be dropped into a folder that is synchronised will allow those files to be sent to you whenever they change. It's simple and effective. But if you have many servers then this can become a bit of a pain. Having the same account might work for all your servers, but generally log files can grow to large sizes. DropBox can cope with this by simply ignoring the files that sent it over the limit. On your workstation you can then move the logs out into local storage clearing up space so that DB can then send down the remaining logs. DB is good like that.

But there is a better technique. One which can give you better overall control, but it does take a lot of organisation in the first place.

You will need an email address and account for all servers, plus a control (unless you wish to use your personal account). First register a control user which will act as your central "hub" for receiving your log files. Then send "invites" to all of the servers which you then wish to manage the logs of. Install DB on all of your servers using the invited emails. DB will give you a little bonus space for your servers, as well as a large bonus space for your control account. Once you have your accounts installed on your servers, you then need to create a shared folder for your log files. This is then shared with your control account.

Using this method gives you multiple benefits. Firstly, each server only has their own logs. you're not distributing the logs across all servers which is better for security. Secondly your control account now has an increased capacity for handling the logs. Always useful considering how many you will probably need to manage. Thirdly you have a better indication if any issues arise. A simple script can see which servers haven't yet communicated back their logs and you can then go and check out those servers for issues. That is unless you haven't been smart enough to set up other alerts for your systems in the first place.

Saturday, 24 August 2013

Testing responsive designs

Ferdy has been converting JungleDragon into a new responsive design. He has a test version up and running, and his main focus is mobile access.

These days it's all about mobiles. You either create an "app" for each platform. But then that always leaves out those on different flavours. Or you create things as a website and hope that everything works out as you'd expect. Doesn't always work that way. Hence the reason you need tests.

Now It's no secret that I use Domino (aka Lotus Notes) a lot. In fact I use it on a daily basis even for my personal emails. Having my own server helps a lot. But Notes has always had the ability to break up the design so that you have one set of design elements for the Notes Client, one for the Web and one for Mobiles. But that rather defeats the whole purpose. Surly it's better to have a single design that works across all platforms but adapts itself to the various capabilities. This is what Responsive Design is all about.

The test platform of JungleDragon handles different screen sizes and orientations without any additional code. Granted there is a slightly increased overhead in that you are carrying extra design and layouts to handle screens and formats that do not work on the browser you are using, but in terms of the overall weight of the page, it is a mere pittance.

What Ferdy has created here, after many, many hours of work, is a platform that embraces the whole concept of what responsive design is all about. He has tested against a whole range of devices (albeit via a simulator for some of them) but he lacks the ability to test against BlackBerry devices.

Well guess what. I don't have that problem... since I work for them. So here are a few screenshots of the new JD3 working on my Z10 device.

Switching between landscape and portrait shows the differences in how the home page renders. The menu options change. But you always get the menu button top right of the page. Selecting that again shows differences in how the renderings work.
One slight niggle is switching between landscape and portrait with the menu option open. The menu options don't re-render properly.

Once you start drilling down the site you come across all the goodies.

Feh, and I just realised that I really should have hidden the URL bar in the browser. Never mind. It all works wonderfully.

Monday, 8 July 2013

How to play Google's Roswell Doodle

Today Google has a nod to 66 years since the "Roswell Incident", and to celebrate they have an interactive doodle where you play the part of a stranded alien.

When you click play you are treated to a short animation detailing where the parts of your space-hip end up. Your task is to retrieve these parts and escape.
  • You start on top of a small hill.
  • Walk down and you'll see the first part of your spaceship.
  • Walk left and you'll see a cow. Take the rope.
  • Walk right and you'll see a hole in the ground (where the cow is grazing after being released.) Jump down it.
  • Take the Radioactive "juice".
  • Use the juice on the tree and climb back up.
  • Walk right until you come to a barn.
  • Climb the ladder.
  • Take the horse shoe.
  • Take the bag of corn.
  • Use the rope and horse shoe to get part of your spaceship off the roof.
  • (Alternative, click on the barn window and a horse appears. Use the juice on the horse and stand back.)
  • Walk right again.
  • Give the corn to the chicken.
  • Take the feather.
  • Use the juice on the tree.
  • Climb the tree.
  • Use the feather on the sleeping human.
  • Take the final part of your spaceship.