Weblog (or Blog)

Tuesday, April 23, 2019

New Way to Generate Web Pages

I am changing to generating my web pages using Blosxom. Blosxom is a Perl script that takes care of generating and organizing weblog posts. It is lightweight and fast. Best of all, it allows me to generate my weblog pages locally on my Macbook Pro and then upload static HTML files to my hosting service. This saves me a little bit of money as my hosting service charges less if I don't use the scripting languages on its server.

posted at: 08:38 | path: /www | permanent link

Monday, August 06, 2018

Your Browser Says the Page is Not Secure

We have all heard the stories of a bank account being cleared out because a hacker convinced the owner to enter personal and account information in a fraudulent website. Ransomware, where a hacker encrypts the files on your computer and then demands money to release them, gets more and more publicity. We are justifiably wary when our browser, whether it be Chrome, Firefox, Safari, Opera, Internet Explorer, or Edge, pops up a message that the web page we are visiting is not secure. But just what does that "not secure" message mean and what action should we take when we get it?

Let's take a step back and talk about how your computer connects to the Internet. We are not talking about your service provider (such as Atlantic Broadband) or whether you connect with a cable or wi-fi. We are talking about the procedure or protocol your browser uses to exchange information between your computer and a computer on the Internet.

When the World Wide Web (WWW) was invented in 1989 there was only one protocol, HyperText Transport Protocol or HTTP. Under this protocol, information -- both the text and images a web page sends you and text and images you might send to a web page -- is sent in its raw, unencrypted form. For example, when you enter your password to sign in to an HTTP site, your browser sends it to the web page in plain text (even if your browser covers it with dots as you type it). Consequently, anyone "watching" your communication, that is, a hacker, can read your password.

It was not long before web site owners realized that they needed an additional protocol to transmit confidential information securely, that is, encrypted or put into code. Thus Secure HTTP, better known as HTTPS, was invented. HTTPS uses additional steps in the communications between computers, called a secure socket layer or SSL. These extra steps do two things: encrypts the information sent between your computer and one on the Internet and requires that the web site have a certificate that verifies that the site is who it says it is. The certificates are issued by companies that have established that they can be trusted. You can imagine that it would not take but one incident of a hacker getting around a given company's certificate to eliminate that company from being considered by other web sites.

Many web sites still use HTTP, as indicated by the site's address beginning with http:// in the address bar at the top of your browser window. Banks, credit card companies, financial companies, pharmacies, and any other site that wants the information exchanged to be confidential use HTTPS, as indicated by https:// at the beginning of the address. An https:// site also has an image of a padlock in the address bar indicating it is secure.

Because incidents of identity theft and other hacker-related crimes are increasing, the major browsers (Chrome, Safari, etc.) began last year to display a "not secure" message if you were asked to enter information, such as a password or credit card number, on an HTTP web page. It has always been good practice before sending confidential information to a web page to be sure that the page address begins with https:// and that the padlock image is displayed. The browser makers just started doing this for you by displaying a "not secure" message when the input form is on a page with an http:// address.

So if HTTPS is more secure, why don't all web sites use it? Two reasons: those extra steps of encrypting the communication and money. The extra steps take time and thus an HTTPS web page loads a little slower than an HTTP page. The SSL certificates must be purchased from one of the trusted certificate authorities by the site owner, so an HTTPS site costs more to operate.

There are, however, companies, such as Google, that want to see all web sites use HTTPS. So this month, Google is changing the latest version of its Chrome web browser to display a "not secure" message for any web page that uses HTTP. The other major browser makers will likely follow suit in the future.

What should you do if you get a message from your browser that a web page is "not secure"? Ask yourself whether you care if a hacker could read the information you are sending or receiving from the web page. If the information is not confidential and you do not care, ignore the "not secure" message. If the information is confidential and you do care, close that web page. And if it's your bank's page, call them and tell them about it.

posted at: 10:32 | path: /www | permanent link

Saturday, May 12, 2018

Should You Disable Javascript?

In a class I was recently taking, we went to a known safe web site to cut and paste some text to work with in the class. The web site, as almost all web sites on the Internet do these days, used Javascript. One of the students could not load the web site because she had been advised by someone to disable Javascript in her web browser as a security precaution. Is this necessary?

In a word, no. But that's not the whole story. Javascript can possibly be used to invade your computer and you do need to be aware of how and how to protect yourself. Here is a good summary article about protecting yourself against Javascript malware. It gets a little technical, so I'll summarize its advice:

  • Keep your browser, any extensions you use within it, and your operating system, whether Windows or macOS, up to date.
  • Be suspicious of any link in an email or text. Make sure the link goes where you think it does by hovering your mouse pointer over it and checking that the address displayed in the popup line in your email program is the same as where the email says it is. Even then, don't click on a link in an email unless you believe it is safe.
  • Run anti-malware software on your computer and keep it up to date.
  • Never click on an attachment to email unless you know who it came from and trust them. Even then, if you were not expecting an attachment, confirm with the sender that they really sent it.
  • Disable Flash and Java in your browser and operating system. (Java and Javascript are two separate, different, unrelated things.)

Yes, that's a lot of work. It's the price of enjoying the Internet today.

posted at: 08:10 | path: /www | permanent link

Monday, April 02, 2018

Basics of Clearing a Browser Cache

If a frequently updated web page that you visit does not appear to change between visits, your browser may be loading an older version from your browser cache. If you also use a publicly-available computer, such as at a library, to access a secure site, some of your information may remain recorded on that computer when you stop using it. To remedy these situations, you may need to clear your browser cache. This post tells you how.

Most of us use one of the major modern browsers to access the Internet: Chrome, Internet Explorer, Firefox, Opera, Safari, or Edge. We also know that sometimes we need to refresh or reload a web page to make sure we are viewing the most up to date version. All of those browsers have the same icon to refresh or reload a page: a broken circle with an arrowhead on one side of the break. Click that and the page reloads. You can also refresh the page with a keyboard shortcut: F5 for the Windows browsers and Command and R keys pressed simultaneously for Mac browsers. But sometimes when you refresh a page that you know has been recently updated, the displayed content does not change. What's up with that? The culprit is the browser cache.

The Internet truly is an amazing thing. Using it, you can sit in your den and read a web page on a computer anywhere in the world. Click on a link in your browser and communications between your browser and the web page begin at, literally, the speed of light. Usually in a matter of seconds, the browser and server (the computer on which the web page resides) talk to each other multiple times to establish that you want to look at a specific page (specified by the link), that the server is who it says it is, and that everything is in place for the server to send all the text, graphics, and videos on the page to your browser, which displays the web page. Amazingly fast. But what if it could be faster?

That's where the cache comes in. The cache is a file on your hard drive that saves all the communications between your browser and the server. Even though the Internet is fast, it is not as fast as retrieving text, graphics, or videos from your hard drive. If you revisit a web page, your browser first checks to see if the information for that page is in the cache. If it is, it loads the page from there and delivers the web page to your screen. The page will be loaded faster than if it was loaded from the server on the Internet.

The problem occurs when the information on the Internet server has changed, but the version in your cache has not. Then, even if you reload the page, it reloads the unchanged version from the cache. So you don't see the changes on the server. The way to resolve this is to delete the version in your cache. This is called clearing the cache. When you click on the page's link after clearing the cache, the page as it exists on the server downloads to your browser. Clearing the cache is done from within the settings of your browser. Each browser has a slightly different way to do it. Here is an article that tells you how to clear the cache in all the major browsers.

You want to be careful what you clear from the cache. As noted above, all the communications between the server and your browser are stored in the cache. This includes cookies, passwords, and your browsing history (a list of all the web pages you have visited). You probably do not want to delete some of that information from your cache as it includes information that you will have to reenter. Each browser allows you to select what information you delete (clear) from the cache. For the outdated web page, you should selectively delete information labeled "page data" or "images and files" or "temporary Internet files." You will then be assured of getting the most recent version of the web page downloaded to your browser.

posted at: 09:51 | path: /www | permanent link

Monday, September 18, 2017

Online Security Today

More and more, our everyday activities are conducted online, over the Internet. More and more, we hear horror stories of identity theft, cybercrime, companies with whom we do business hacked and personal information stolen, and individual's personal computer files held hostage to ransomware. Do you know how best to minimize the chance that you will be one of the unlucky ones who gets attacked by cybercriminals and hackers? Let's talk about the things you ought to do to protect yourself online, whether you are using a computer, a tablet, or a smartphone.

If you only use the Internet for entertainment and maybe a little Facebook or other social networking, you may think that you are not vulnerable. But you are. Every time you put some personal information on the web, you make yourself vulnerable to identity theft. A friend asks for your email address and you post it to her on Facebook. A relative wants your street address and you post it to him on Facebook. Now a hacker has two pieces of important information about you, enough for him (or her, but the fact is that most hackers are male) to take a closer look to see if you are worth the time to pursue. In any event, he may do nothing more than add you to a list of email addresses that he sells to spammers. So now you get more spam.

Hackers collect lots of information automatically by computer, save it into a database, and have the database mix and match the information to put names, street addresses, email addresses, social security numbers, etc. together for the same person. Over time, they accumulate enough information to access your banking and credit card information. It takes years of work to correct an identity theft. Protecting yourself is easier (but not necessarily easy).

Your first line of defense is to keep your operating system, whether Microsoft or Apple, up to date on your computer, tablet, or smartphone. These companies are constantly improving the security of the operating systems and you leave yourself more vulnerable than necessary by not staying up to date.

Use the latest version of a browser to access the Internet. The browser suppliers are also constantly improving the security provisions of their products. If your preferred browser is Window's Internet Explorer, you should be running version 11 (which also means you should be running Windows 7 or later).

Maintain up-to-date security software, such as anti-virus and anti-malware (malicious software) on your computer. The best of these are paid products, such as ESET, TrendMicro, Norton, BitDefender, and McAfee. There are some good free products available, such as Avast, Avira, and AVG. If you are on Windows, at a minimum, you should run Windows Defender. You should only install one anti-virus product on your machine; anti-virus software works so closely with the operating system that if two are installed, they may compete with each other and hang-up your computer, requiring you to re-start it.

Once you are online, your basic line of defense is your account password. Always use a different strong password for each important account. The strength of a password is based mostly on its length, how many characters it has. Your passwords should have at least 12 characters. Length is more important than symbols and punctuation in the password (although many accounts require them). That is, a password like "HOUSE BLUE DINNER WATER" is more secure than "jU?&_2n." (Note: most of the strength meters available on the Internet do not give accurate results.)

So how do you remember all those long, strong passwords? Two ways: keep a dedicated notebook (that is stored securely, away from your computer, when you are not using it) or use a software password manager such as LastPass, 1Password, KeePass, or clipperz (you can search for those on Google or other search engine to learn about them).

Always use two-step authentication if it is available. This authentication adds a second step to logging in to an account. After you enter your password, the authentication process sends a code to your cellphone or to an email account that you own. You have to submit the code to the account to successfully access it. Since the code is being sent to a physical device or email account that you control, someone trying to break into your account will not have access to it. This is not as inconvenient as it sounds as you can register your computer, tablet, or smartphone with the account so it doesn't ask for the second code if you are accessing the account from that device. The intent is to keep others out of your account.

Once you are online, be wary of any link or popup that is not familiar. Be especially wary of any link sent to you on Facebook, Twitter, Instagram, or other social networking site. If you have decided that a site is safe and it asks you to submit personal information, make sure the URL (the Internet address in the address bar of the browser) begins with https://, not just http://. The "s" in the former indicates that information sent to the site will be encrypted, making it much harder to use even if it should be intercepted by a hacker.

posted at: 12:36 | path: /www | permanent link

Thursday, August 24, 2017

Who Invented the Internet

The Internet pervades our lives. There is almost no one whose life is not touched by it. For many of us, the Internet seems like a necessity. We do our banking using it. We get our news from it. We keep up with family and friends over it. We use it for our entertainment. How did it come to be? Who invented the Internet? (Hint: It was not Al Gore, although he did play an important role as a government leader in supporting its creation.)

The answer is that no one person invented the Internet. It was a collaborative creation that evolved over twenty years, from 1962 until 1983. During that time, a number of different technologies were invented by different men. These technologies were the building blocks of the Internet and until each was fully working, they could not be combined to make the Internet we use today.

Even before the specific technologies were developed, there had to be a visionary. In this case, it was J.C.R. Licklider, a psychologist who worked on human-computer interfacing for years. Licklider was inspired in his vision of managing computer information by Vannevar Bush, head of the U.S. Office of Scientific Research and Development during World War II. In July 1945, Bush published an essay in The Atlantic magazine entitled As We May Think. He set forth a vision of how information could be made readily available at a desk, with a means to link different parts of it. Bush was also instrumental in creating the National Science Foundation (NSF), which later played a key role in creating the Internet.

The spark that lit the fire behind America's development of the Internet came from across the seas. In 1957, Russia launched Sputnik. In response, the Eisenhower administration established the Advanced Research Projects Agency (ARPA) under the Department of Defense.

ARPA led the initial efforts to get America into space and to ensure that America remained at the forefront of innovative technology. ARPA worked by funding research at companies such as Bolt Beranek and Newman (BBN) and universities such as MIT and Stanford. After the space efforts were transferred to NASA, ARPA turned part of its efforts to information technology. It established the Information Processing Techniques Office (IPTO).

In 1962, J.C.R. Licklider became director of IPTO. Licklider had for years advocated sharing computers over a network to solve technical and communication problems. He playfully called it the Intergalactic Computer Network. He convinced Ivan Sutherland, Bob Taylor, and Larry Roberts of the usefulness of networked computers. Each of these men headed IPTO after Licklider and carried his vision forward.

Licklider could not develop the network of his vision because the technology was not sufficiently advanced during his tenure at IPTO. By 1966, Bob Taylor decided that it was time. There were other networking efforts going on in the world using different technologies. In fact, the proliferation of incompatible systems was a reason to move forward. Taylor brought in Larry Roberts to head up the effort to build the network, eventually called the ARPANET.

It took three years before the ARPANET connected computers at UCLA and Stanford Research Institute. In October 1969, the first transmission (of the word login) between two networked computers took place. Leonard Kleinrock of UCLA was one of the team present when that first message was sent. He told in an interview how the system crashed when the letter G of login was typed and said, "Yet a revolution had begun."

In a matter of months, network connections were made to the University of California Santa Barbara and the University of Utah. ARPANET, the first computer network, was a reality. Growth was rapid after that, but limited to government, research companies, and universities, because they were the ones with computers, all of which were big, expensive mainframe computers. The widely available, personal computers of today were not invented until 1977.

So did the ARPANET become the Internet? Not exactly. The ARPANET was a single network, even after it expanded to hundreds of computers. The Internet is a network of networks. The key technology of the Internet -- the protocol controlling the connections among computers -- was developed by ARPA. In 1972, Larry Roberts wanted to connect satellite communications to the ARPANET. He gave the job to Bob Kahn, who brought in Vinton Cerf of Stanford University to help him develop the connection technology. It took two years for them to develop and refine the Transmission Control Protocol/Internet Protocol or TCP/IP and another eight years to convince the Department of Defense that it was reliable enough to use. On January 1, 1983, the ARPANET was switched to TCP/IP. This date can be viewed as the birth of the Internet. Cerf has often been called "the father of the Internet."

TCP/IP was public information, developed with taxpayers' money. Others began to use it even before the ARPANET did. The most important of these was the National Science Foundation's NSFNet, launched in 1986. Its goal was to connect every academic researcher in the nation. With government funding, the NSFNet network backbone replaced the ARPANET as the basic network underlying the Internet. The ARPANET was formally shut down in 1989.

By 1991, researchers were sending emails and using the Internet for accessing information using tools such as Archie and Gopher. But it was not easy to find that information and the use of the Internet was small scale compared to what was to come. For in that year, Tim Berners-Lee invented the World Wide Web or WWW and Al Gore sponsored bills to allow commercial enterprises to connect to the Internet. The commercial networks, mainly from the telecommunication companies, became the Internet. Its use exploded because the WWW and web browsers made it easy both to put information on the Internet and to find it. Surfing the Internet became a part of almost everyone's life.

posted at: 12:43 | path: /www | permanent link

Friday, December 02, 2016

Ad Blockers

I formerly used a hosts file to block domains from which ads are served. (If you want to know how to do this, go to this page.) In the past few weeks I've seen a new response from some web sites that pop-up a window that asks to be white-listed or to pay a fee to continue to read. Guess the site owners are tired of not getting their ad revenue. Can't blame them.

posted at: 09:14 | path: /www | permanent link