Will a sand-boxed App Store stop Mac malware?

by Dave on July 22, 2011

I’m listening to the latest release of the Build and Analyse podcast on 5by5 with Marco Arment, and the current topic of discussion is how the Mac App Store will be a “huge deal” for Mac security.

Marco makes the point that, by implementing a sand-boxing policy on all apps that are to be sold in the Mac App Store, Apple is making all Macs a “lot safer than Windows machines” because apps are limited in what they are allowed to do. Marco makes the connection between Apple rushing out this sand-boxing policy and the recent Mac Defender scare, saying that:

During this transition period, where a lot of this extra security isn’t in full force yet, they [Apple] don’t want there to be some huge mac virus or malware. Because Mac Defender was almost that, and it got them a lot of bad press… They want to get this in place as quickly as possible, to avoid something like that happening…

Saying that the Mac App Store will prevent malware is like saying that DVD encryption will stop movie piracy; it’s just not true.

By only enforcing the sand-boxing policy on apps that are in the App Store, the policy will only affect developers who follow the rules anyway, just like DVD encryption only affects consumers who follow the law and buy DVDs. The vector for malware infection, in a large percentage of cases, is the web, or other social engineering methods like those used by Mac Defender.

In short, an App Store sand-boxing policy would not have prevented the Mac Defender outbreak.

This isn’t to say that the sand-boxing won’t bring other benefits as Marco continues to discuss, and to be fair Marco does later mention that Apple allowing non-App Store apps to run on the Mac is still a problem.

The Problem with Message Ranking in Google+

by Dave on July 20, 2011

Since Google+ launched I have been happy to have somewhere to go that was not Facebook. From the annoying games to the interface and confusing maze of settings, I have always hated Facebook. I loved the Google+ interface, and with the mix of a good privacy model, a clean interface and Twitter-style following, Google really seems to be onto something. Though it’s the Twitter-style following that really seems to be a huge weakness of Google+ and is also adversely affecting the social part of the site.

After receiving an email that a friend or family member has replied to a post of mine, naturally I load the Google+ homepage, only to be greeted by a post from Kevin Rose about installing the latest version of Apple’s OSX operating system accompanied by 200 comments from people I don’t know. Nothing against Kevin, and I am excited to get the latest version of OSX too, but if there is a message for me from a friend or family member then that should be ranked higher than anything else and be front and centre when I visit the site. If it weren’t for the notification drop down in the Google bar I’d have no way to view the message.

If there was a minimise button to close the ginormous comment list that might be some consolation, but until this is fixed following popular or famous people seems unworkable. The good thing is that Google+ is apparently still in a closed beta so has time to improve, and no doubt these issues will be worked out as Google rolls out new versions of Google+.

Incentives and the Taiwanese government

by Dave on June 21, 2011

If you’ve lived in Taiwan for any amount of time and bought something that cost more than a few thousand dollars ($1000 Taiwan dollars is about $35US/£20UK) then you’ll know that you can sometimes get a better deal when agreeing to pay in cash and not requiring a receipt. Why is this? Because if the seller doesn’t have to provide a receipt then they can avoid paying tax on the sale of the item and essentially sell it ‘under the table’.

To combat this the government has a programme called ‘Unified Receipts’ (in Chinese it’s “統一發票”) which involves a lottery style incentive. It works like this – every receipt has a number on it that automatically enters the holder of the receipt into a quarterly lottery. All you need do is keep hold of your receipts and then when the time comes around check the numbers against the numbers on the government website. It works exactly like a lottery ticket, with sequences of numbers winning incrementally higher amounts of money. Anywhere from a few hundred dollars to thousands of dollars. I have myself won $1000 Taiwan Dollars at times, which can be a good return on spending $30 at a 7-11 on a packet of crisps.

While, as I mentioned above, the incentive might not be enough for large purchases, it does in fact work for 90% of purchases and for purchases which are made in chain stores. The result is that the government can successfully track tax that should be collected and avoid what would presumably be mass tax fraud if consumers weren’t demanding their receipts so they could have a chance at winning in the receipt lottery.

Even though I have a bag full of unchecked receipts next to me that I have no interest in sorting through any time soon, in the government’s eyes their purpose has already been served. I also find myself waiting for receipts out of habit when I am back in the UK, which often results in awkward situations in which I am holding out my hand waiting for a 15cm x 3cm piece of paper to find its way into my palm.

Incentives can work, and this is a great example of them doing so. I would love to see tax figures prior to, and after, this scheme was initiated; it would make a great case study.

How to fix Facebook thumbnail images and description for ‘liked’ posts

by Dave on June 19, 2011

There’s nothing worse than spending a few hours writing a blog post and picking out a decent image only to have it not show properly on Facebook when someone ‘likes’ your post. Most of the time Facebook correctly picks out the image to use for their featured thumbnail, but sometimes it just doesn’t work. According to Facebook you need to make sure the following three meta tags are present to guarantee it works:

<meta name="title" content="Article headline here" />
<meta name="description" content="Article summary here" />
<link rel="image_src" href="http://www.example.com" />

I’ll show you how to get this set up on your WordPress powered blog. If you’re using a different blogging engine/CMS then the instructions will differ, but the aim remains the same – to dynamically insert the above meta tags based on the contents of a post.

The first thing you should do is set up the code for the home page. Since the homepage is a listing of your latest posts there won’t be one specific post to target, so instead we’ll add some code that displays the generic information about your blog. Add the following code somewhere in the header section of your website; in WordPress this will be in your theme directory in the header.php file:

<?php if (is_front_page()){ ?>
  <meta name="title" content="The name of your site" />
  <meta name="description" content="A description of your website" />
  <link rel="image_src" href="<?php bloginfo('stylesheet_directory'); ?>/images/screenshot.jpg" />
<?php }  ?>

Notice that the first line checks to see if this is the front page of your site by using the is_front_page() function. This should work, but depending on how your site is configured you might need to use is_home(). The first two meta tags are self-explanatory; the third tag is for the image of your website. This can be any image but you’ll most likely want it to be the logo of your website or a screenshot of your home page. Place the image in the images directory located in your theme directory.

Next is the important part, where we ensure that the correct information and image is shown for individual posts.

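<?php else if (is_single()){
  global $post;
  // Returns array(url, width, height), or false when the post has no featured image.
  $image_src = wp_get_attachment_image_src(get_post_thumbnail_id($post->ID), "featured-main");
  // Post data is escaped with esc_attr()/esc_url() below so that quotes or
  // markup in a title or excerpt cannot break out of the attribute.
?>
  <meta name="title" content="<?php echo esc_attr($post->post_title); ?>" />
  <?php if ($image_src){ ?>
    <link rel="image_src" href="<?php echo esc_url($image_src[0]); ?>" />
  <?php } ?>
  <?php if ($post->post_excerpt != ""){ ?>
    <meta name="description" content="<?php echo esc_attr($post->post_excerpt); ?>" />
  <?php } ?>
<?php } ?>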

In this snippet of code we first check to see if the current page is the single view of a post, then we dynamically populate the meta tags with information specific to the post being viewed, rather than the generic information we used for the front page above. We then grab the image source for the ‘featured image’ for this post. The featured image functionality requires a fairly recent version of WordPress (2.9 or above), though most modern themes do include support for this and you can customise the thumbnail sizes quite easily (see the code below). You can read more about using it in the post New in WordPress 2.9: Post Thumbnail Images. I don’t want to go into too much detail about it here as the aforementioned blog post explains it in detail, but for ChineseHacks I added something along these lines in functions.php:

add_theme_support('post-thumbnails');
add_image_size('featured-main', 425, 345, true);
add_image_size('post-list', 100, 100, true);

After getting the source for the featured image we populate the ‘title’ meta tag with the post title and the ‘image_src’ tag with the URL we got above, and then finally we check if there is a post excerpt and if so create and populate the ‘description’ meta tag. The reason that we check if the excerpt is not empty first is to avoid having a blank description, which would occur if you didn’t fill out the excerpt section when creating a new post. This way if you have created a manual excerpt then it will be used, and if you haven’t then Facebook is usually quite good about grabbing an excerpt itself from the first paragraph of your blog post. Though to be sure the description is what you want it’s best to fill out the excerpt field. Read The WordPress excerpt: What, why, how, tips and plugins for a detailed look at excerpts.

Here’s the full code:

<?php if (is_front_page()) { ?>
  <meta name="title" content="The name of your site" />
  <meta name="description" content="A description of your website" />
  <link rel="image_src" href="<?php bloginfo('stylesheet_directory'); ?>/images/screenshot.jpg" />
<?php }  else if (is_single()) {
  global $post;
  // Returns array(url, width, height), or false when the post has no featured image.
  $image_src = wp_get_attachment_image_src(get_post_thumbnail_id($post->ID), "featured-main");
  // Post data is escaped with esc_attr()/esc_url() below so that quotes or
  // markup in a title or excerpt cannot break out of the attribute.
?>
  <meta name="title" content="<?php echo esc_attr($post->post_title); ?>" />
  <?php if ($image_src){ ?>
    <link rel="image_src" href="<?php echo esc_url($image_src[0]); ?>" />
  <?php } ?>
  <?php if ($post->post_excerpt != ""){ ?>
    <meta name="description" content="<?php echo esc_attr($post->post_excerpt); ?>" />
  <?php } ?>
<?php } ?>
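
The same tag-building logic as a stand-alone PHP sketch that runs outside WordPress (an added example, not code from the original post). The `attr()` and `build_share_tags()` functions and the sample post data are hypothetical, and `htmlspecialchars()` stands in for WordPress's `esc_attr()`/`esc_url()`; it shows that a title or excerpt containing quotes or markup stays inside its attribute, and that the image and description tags are dropped when the post has none.

```php
<?php
// Added example: stand-alone sketch of the share-tag logic, no WordPress required.
// attr(), build_share_tags() and the sample data below are hypothetical/constructed.

function attr(string $value): string
{
    // Escape quotes, angle brackets and ampersands so the value stays inside the attribute.
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

function build_share_tags(array $post): string
{
    $tags = [];
    $tags[] = '<meta name="title" content="' . attr($post['title']) . '" />';

    // Only emit image_src when a featured image exists and is an http(s) URL.
    $image = $post['image'] ?? '';
    if (is_string($image) && preg_match('#^https?://#i', $image) === 1) {
        $tags[] = '<link rel="image_src" href="' . attr($image) . '" />';
    }

    // Skip the description when the excerpt is empty, as the post does.
    $excerpt = trim($post['excerpt'] ?? '');
    if ($excerpt !== '') {
        $tags[] = '<meta name="description" content="' . attr($excerpt) . '" />';
    }

    return implode("\n", $tags) . "\n";
}

// Constructed sample: a title and excerpt containing characters that break raw output.
$post = [
    'title'   => 'Why "liked" posts lose their <img> thumbnail',
    'image'   => 'http://www.example.com/wp-content/uploads/featured.jpg',
    'excerpt' => 'Tags & attributes need escaping.',
];

echo build_share_tags($post);
// A post with no featured image and no excerpt produces the title tag alone.
echo build_share_tags(['title' => 'Plain title', 'image' => false, 'excerpt' => '']);
```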

5by5 commands the geeky niche neglected by TWiT

by Dave on June 11, 2011

I actually first heard about 5by5 while looking into the 960 grid system last year; the 5by5 website was listed as an example of the 960 grid system in use on 960.gs. 5by5 is a network of podcasts founded by Dan Benjamin, and from what I can gather it’s been running for a year or so. The important thing here is that listening to 5by5 made me realise what I had been missing for so long, and filled the void that for the most part was being neglected by TWiT, which seems largely focused on news rather than in-depth analysis.

The formula is simple on 5by5: each show is hosted by Dan and one expert in a particular field. It’s this simplicity that makes it work so well. In each episode we are treated to analysis of some particular part of technology, development, market trend and sometimes even kitchen devices. It’s this kind of in-depth discussion that makes these podcasts so worthwhile. While I can appreciate the value of news programming and light-reporting of events, I always find myself waiting for the next episode of Hypercritical or Build & Analyse.

That brings me to TWiT. Let me first say that I love the TWiT network and I’ve listened to their flagship show TWiT since it was called Revenge of the Screensavers. When it first started out TWiT was amazing, a panel of journalists with inside knowledge throwing stories and industry information back and forth with interesting guests. But somewhere in the midst of wine-fueled TWiT episodes it was lost. Strategically guided shows became wandering conversation and self promotion. There are a few gems on the TWiT network; This Week in Google, Windows Weekly and Security Now spring to mind, and the reason is obvious – all of these shows follow the same formula that I mentioned above, they have industry experts such as Jeff Jarvis or Paul Thurrott analysing, not just reporting.

In all fairness, I have heard Leo Laporte mention that TWiT will be a tech news network, which is what it does seem to be becoming. At the moment it is occupying the space between mainstream and niche geek programming, which means that the market for the latter is now free for the taking by 5by5.

The conclusion? TWiT still has some amazing shows, but it seems to have lost its geeky edge. The result is that 5by5 has seemingly risen out of nowhere to take away what TWiT once owned. If TWiT becomes the news network that it seems to be becoming then the two should be able to coexist; it all depends on what route TWiT takes when they get into their new studios. But for now if you want in-depth, interesting and meaningful analysis then without a doubt you should check out 5by5.

Hello world!

by Dave on June 1, 2009

Welcome to WordPress. This is your first post. Edit or delete it, then start blogging!