26 April 2010

Office 2010

I’ve been using Office 2010 for a few days, and I’ve really only found a few interesting points so far:

1.Google Calendar Sync doesn’t work with Outlook 2010 (yet);

2.Outlook 2010 has adopted the ‘conversation roll-up’ style of Gmail, where it groups all parts of conversation together (by far my preferred view);

3.PowerPoint has a handy feature for creating a photograph slide show very easily;

4.Some of the new PowerPoint styles are quite nice.

That’s it for now – more to follow as I discover things.

UPDATE: A handy tip to solve the Google Calendar Sync problem: run a virtual machine (eg: Windows XP Mode if your version of Windows 7 supports it) and install Outlook 2007 and GCS in the VM. Make sure both versions of Outlook are pointed at your Exchange account. Calendar sync returned!

21 April 2010

Government requests directed to Google and YouTube

An interesting site by Google entitled "Government requests directed to Google and YouTube" is a map showing lists of the numbers and types of requests for information by government agencies.

Australia, per capita, seems to be very high, but as Google notes, a single request might contain multiple matters, so other countries may seem much lower.

Of course, even this data may not be complete, since under some Australian legislation it can be an offence to disclose even the fact that a person has been given a notice to produce documents. An example of this is the Commonwealth of Australia Crimes Act 1914. It is an offence under section 3ZQT to disclose the fact that a notice has been issued under section 3ZQN or 3ZQO. These sections were introduced in the Anti-Terrorism Act (No. 2) 2005 - Schedule 6.

18 April 2010

Cyberspace May 2010


Passwords are a hassle. I use a password manager that has over 300 combinations of usernames, passwords and other details. There's no chance I could remember all that, so I have two alternatives - use a password manager like LastPass or RoboForm, or just use two or three combinations for all of them.

What's wrong with using just a couple of different usernames and passwords? Well, this week I received an email from Atlassian, a software developer, with whom I have an account. Atlassian had a security breach which exposed the passwords for a proportion of their customers. This raised two issues: (1) the passwords shouldn't have been stored unencrypted anyway, and (2) if I was the hacker I would try the same username and password combination from Atlassian at HotMail, Gmail, FaceBook, MySpace and every other popular web site. I bet the hacker will successfully log in in many cases.

The only real answer to this problem is to use a password manager. I can recommend both that I've mentioned, and they both have iPhone clients as well.


One of the interesting sequels to the film studio's recent unsuccessful action against iiNet is that some ISPs have changed the way they deal with infringement notices from reputable copyright management agencies. In the past Exetel has passed on any notices that they've received and blocked the user's acess until they acknowledge "they have received the infringement notice and either complied with it or denied the allegation." Exetel has notified its customers that it will continue to forward any notices, but will no longer take any other action.

Secure connections

You use an encrypted connection known as SSL whenever you connect to your bank or other secure site - you can recognise it because the address starts with https. SSL relies on the bank having a valid certificate certifying that the bank web site really does belong to that bank, and which is recognised by your browser. These certificates are issued by certain organisations, and web browser manufacturers choose to 'trust' these issuers. These 'root' issuers can also choose to trust other issuers, so that these intermediate issuers are effectively trusted completely as well. Firefox trusts well-known issuers such as VeriSign and Wells Fargo, but Windows and thus Internet Explorer also trusts the Hongkong Post Office, AAA Certificate Services, and AC RAIZ DNIE. Who are these organisations and why should I trust them?

A recent paper by C Soghoian and S Stamm (http://files.cloudprivacy.net/ssl-mitm.pdf) paints a scenario in which "government agences may compel a certificate authority to issue false SSL certificates... that can be used to covertly intercept... secure web-based communications." They go on to say that currently available products could be used in such as scenario. The authors have now released Certlock, an add-on to Firefox, which watches for changes in root certificates. Is this a real problem for us now? Probably not, but it does show that SSL is not the panacea we'd like to think it is.

Computer use policies

The New Jersey Supreme Court recently dealt with Stengart v. Loving Care Agency, Inc., No. A-16-09, holding that an employee who used her work computer to access her (web-based) Yahoo! email to contact her lawyers had 'reasonable expectation of privacy'. This was despite having a policy allowing workplace monitoring. This case has a few holes in it, since it involves a 'subjective' expectation of privacy. In this context this meant that the employee thought webmail did not leave content on the computer (it actually does), and she was communicating with her lawyers in relation to a workplace issue. There was apparently some ambiguity in the surveillance policy which led the court to say that she did not waive privilege, and that she was entitled to privacy because she took steps to use an apparently 'private' email system.

I don't think this is a great decision (unless the policy really was hopeless), but it's instructive for the next draft of your or your clients' reasonable computer use policy.

11 April 2010

Jailbreaking your iPhone - iPhone 3.1.3

So you upgraded your new-ish Apple iPhone 3GS to software version 3.1.3, and you lost your jailbreak? There's a way to get it back as long as you meet certain criteria:

  • the version of the iPhone doesn't matter eg: could be a recent MC version;
  • you have previously jailbroken it and you used Cydia; and
  • when you used Cydia you clicked the "Make my life easier, thanks!" link
ToolJail 1.3.2 by Destructor95 will walk you through the steps to downgrade to 3.1.2, by using:

  • Sn0wbreeze 1.5.2. by iH8sn0w (this helps you downgrade to 3.1.2); and
  • BlackRa1n by Geohot (which does the jailbreak)
ToolJail will help you download the files you need.

This is by far the simplest explanation I have seen on the Internet. Plenty of sites try to describe how to do it, but many such as redmondpie.com are a bit circular and are not very clear. However, thanks to redmondpie.com for bringing ToolJail to my attention!