Apr 23, 2010

Blippy Exposes Credit Card Numbers Through Simple Google Search

Anyone who didn't see this coming a mile away shouldn't be allowed to have a credit card.

An anonymous reader writes: "In an unfortunate data breach, social media site Blippy has left credit card numbers in clear text, searchable via a simple Google query. The results show the amount spent on a transaction, the location, and the full card number. As of this submission, the issue still hasn't been resolved."
The company's co-founder, Philip Kaplan, told the NY Times, "... when people link their credit cards to Blippy, merchants pass along their raw transaction data – including some credit card numbers – and the site scrubs that information to present just the merchant and the dollar amount spent. But several months ago, when Blippy was being publicly tested, that raw transaction data was present in the site's HTML code, where it was retrieved by Google. Mr. Kaplan said that early on, Blippy started disguising the raw transaction data behind the scenes, but it did not know about the breach until today."

Apr 22, 2010

I hate computers: confessions of a sysadmin


I often wonder if plumbers reach a point in their career, after cleaning clogged drain after clogged drain, that they begin to hate plumbing. They hate pipes. They hate plumber’s putty. They hate all the tricks they’ve learned over the years, and they hate the need to have to learn tricks. It’s plumbing, for goodness sake: pipes fitting together and substances flowing through them. How complicated can it be?

I hate computers. No, really, I hate them. I love the communications they facilitate, I love the conveniences they provide to my life, and I love the escapism they sometimes afford; but I actually hate the computers themselves. Computers are fragile, unintuitive things — a hodge-podge of brittle hardware and opaque, restrictive software. Why?

I provide computer support all day every day to “users”. I am not one of these snotty IT guys who looks with scorn and derision on people who don’t know what an IRQ is. I recognize that users don’t care about computers. The computer is a means to an end for them: a presentation to solicit more grant money, or a program to investigate a new computational method, or just simply sending a nice note to their family. They don’t want to “use the computer” so much as do something that the computer itself facilitates. I’m the same with cars: I don’t want to know how an internal combustion engine works or know how to change my oil or in any other way become an automotive expert — I just want to drive to the grocery store!

But the damned computers get in the way of all the things the computers help us do. There’s this whole artificial paradigm about administrator accounts, and security, and permissions, and all other manner of things that people don’t care about. A host of ancillary software is required just to keep your computer running, but that software introduces more complexity and more points of failure, and ends up causing as much grief as it’s intended to resolve.

Computer error messages are worthless.

What sparked this current round of ire was a user’s inability to check for Windows Updates. Windows Update, the program, starts up just fine. But clicking on “Check for Updates” results in an unhelpful message that Windows Update could not check for updates. A meaningless error code is presented to the user, as if he’ll know what to do with that. There’s even a helpful link that says “Learn more about common Windows Update problems”. The list of suggested problems includes a variety of other meaningless error codes, but not the one that this user received. The Windows Event Log, which I know how to access but the user does not, contains nothing instructive. For a normal user, this would be a dead-end with one of two options: ignore the problem and hope nothing bad happens in consequence; or try to repair the operating system using some half-baked recovery method provided by the computer manufacturer or the Windows install disk (assuming they have one).

Another user I support has had nothing but trouble with Adobe Acrobat. Trying to open PDFs from within his browser fails spectacularly. Either the links simply never open, or they open a completely blank page, or Internet Explorer renders an error page suggesting that there’s a network problem! The user can right-click and “Save As” the links to get the PDFs, and I’m thankful that this user understands how to right-click at all, such that he has a viable workaround to the problem until I can find the root cause. But many, many users do not know what the right mouse button is for.

I pick on Microsoft a lot, because I think they do a lot of things fundamentally wrong. But plenty of other companies are just as guilty of bad design, bad implementation, and bad communication with their users. Google’s Chrome browser is cute when it says “Aw snap!”, but that leans the other way in terms of uselessness: it doesn’t give the user any better idea of what might be wrong, and users are left to feel helpless, powerless, and stupid.

Even when things go right, users are left to feel powerless and stupid. Installing almost any program on a Windows based system involves an inordinate number of clicks, all of them just saying “Okay” “Okay” “Okay”. No one reads the click-through EULAs, no one changes the default installation location, and no one selects specific installation options. They just keep clicking “Okay” because that’s what they’ve been trained to do. And then they end up with four extra toolbars in their browser and a bunch of “helper” programs that don’t actually help the user in any way and which the user doesn’t actually want. And they don’t know how to get rid of them.

Computers don’t make sense.

There’s an awful lot to be said about the simplicity and usefulness of installing software on Mac or Linux. In the latter case, you simply drag a file to your Applications folder, and you’re done. Linux package managers do all the heavy lifting without any user intervention. If a Linux program requires additional libraries, the package manager finds them and installs them automatically. In both instances, I can install new applications in a fraction of the time it takes to install something on Windows.

Removing software is another cause of much consternation for users. Again, Mac and Linux make it pretty easy most of the time. Heck, on any Linux system I can enumerate all of the packages installed in seconds with a single command from the package manager (or click of the appropriate button using a GUI for the package manager). But in any Windows machine — even a brand new one with top-of-the-line hardware — it requires long minutes to enumerate and display the installed software; and to make things worse the “Add and Remove Software” control panel item doesn’t actually show you all the installed applications. And removing any particular piece of software is not always a clean operation: cruft is left behind in the filesystem and the registry (don’t even get me started on my loathing of the Windows registry!).

Speaking of filesystems, why is it that a SQL database can find a specific record in a database of millions of records in a fraction of a second, but finding a specific file on your hard drive takes minutes? I’m sure there’s some very real reason why filesystems are so unfriendly to users, but I’ll be darned if I can explain it to any of my users.

Computers are too complex to use.

Average folk might take a “computer class” which instructs them on a few specific tasks — usually application specific (How to use Microsoft Word), as opposed to task specific (How to use a word processing program) — but when experiences diverge from those presented in the class, the user is not well equipped to deal with the situation. How does one interpret this new error message? How does one deal with a recurring application fault?

The pace of change in the computer industry works against users. The whole color-coded ports initiative was a great step toward end user convenience, but that’s not enough when users now need to know the difference between VGA, DVI, and DisplayPort. A lot of the computers that are coming into my office have all three video ports, and the monitors support multiple inputs, leaving users to wonder which one(s) they should use when setting up their PC. I’ve had multiple calls from really smart graduate students who couldn’t figure out how to connect the computer to the monitor. Sure, it’s an easy joke to make fun of these situations, but it’s a damning indictment of the computer industry as a whole, if you ask me.

Like Nicholas, I’ve never had a malware infection on any computer I own; but I’ve helped lots of people — users I support professionally, and family and friends — recover from malware infections. Can you imagine your mother-in-law being able to find and follow these instructions for removing malware? Or worse, knowing about and responding to a botched antivirus update from your AV software?

Computers fail spectacularly, taking all our data with them.

Hardware and software companies know that we use our computers to store information that is important to us. And yet backing up data to keep it safe is still a gigantic pain in the ass. Lots of “enterprise” backup software exists to try to protect us from computer failures (hardware, software, and user errors), and a host of “consumer” solutions vie for our consumer dollars; but frankly they all suck. Why do we need third-party software to protect the investment we’ve made in our computers? Users don’t buy backup software because they don’t expect their computers to fail.

It’s so easy to amass a huge amount of data today — digital photo archives, MP3 collections, and video — that it’s a real pain to reliably back up. Not only is it a pain, it’s expensive. You shell out a couple hundred bucks for a fancy new camera, and you’ll need to shell out a couple hundred more bucks to get an external hard drive onto which you can duplicate all your photos for safekeeping. And then, of course, it takes a long time to actually copy your data from your computer to your external hard drive, and you just don’t have the time or patience to commit to that regularly, so you start to neglect it and then *bam* your computer blows up — hard drive failure, malware infection, whatever — and you lose weeks and months worth of irreplaceable data.

Sure, some computers come with redundant disks, but most consumer-level RAID is a fragile mix of hardware and software, further complicating the setup. Why haven’t reliable, low-cost RAID solutions reached the mainstream yet? Why don’t end users have better access to useful things like snapshots, or ZFS yet?

And what about all the little failures that end users can’t possibly begin to detect or diagnose, like bulged capacitors on their mainboard, or a faulty video card, or wonky RAM?

Computers are overwhelming.

The mind-numbing number of computers available for purchase at any retail establishment right now is enough to cow even the most stalwart bargain shopper. How is a layperson to proceed in the face of row after row of meaningless statistics? Will that extra 0.2 GHz make a demonstrable difference in their use of the computer? Will it give them an extra six months, or even a year, of useful life? Why should a normal user even care about the number of bits in their operating system?

The Laptop Hunters tried to help people find the right laptop, but Sheila’s $2,000 HP isn’t necessarily the best pick of the available options, is it? Sure, AMD is simplifying its brand. But is that enough to really help people find the best product for their need? Will their branding refresh make any difference at all when there’s still five or ten seemingly identical systems on the shelf at the big box retail computer store?

I hate computers.

I know my little rant here is like shouting at the storm: there’s a huge, lethargic industry making gobs of cash on the complexity of the computer era, and there’s little capitalistic incentive to change the status quo. These complaints aren’t new. Many of them have been made for the past quarter century. We try, in our little way, to highlight some of the deficiencies we perceive in the industry as a whole, but that’s about all we can do from here. What are you doing about these problems?

Maybe I’ll become a plumber…

Apr 19, 2010

Use an Ubuntu Live CD to Securely Wipe Your PC’s Hard Drive [Hard Drives]

We've highlighted options for properly erasing your hard drives in the past (some simple, some involving hammers); in a similar vein, our friends at How-To Geek dive into the specifics of securely wiping your hard drive with an Ubuntu Live CD.