Desert of My Real Life

{February 4, 2011}   Facebook Security

Robin pointed out an article about Facebook security today that made me think about some things that everyone who browses the web should know about but which the article unfortunately neglects to discuss.  The article is about the fact that, until today, Facebook has been available only through the hypertext transfer protocol (“HTTP”) and not through the encrypted hypertext transfer protocol secure (“HTTPS”).  That sounds a bit technical and boring but if you ever use Facebook on an open wireless network (in a cybercafe, for example), you probably want to pay attention to this particular issue.  If you don’t care about the details of how this works, at least read the next to the last paragraph where I explain all the steps (including one not mentioned in the original article) to keep yourself secure when using Facebook.

When you use your browser (Internet Explorer or Firefox are two of many, many examples) to browse the web, you are making connections from your computer to computers all over the world.  That is, when you put an address in the address box or you click a link on a page, you are sending a message from your computer to a computer out on the Internet, requesting some sort of service.  These computers all over the Internet come from many different hardware manufacturers and run many different operating systems.  To make sure that your computer can communicate with that computer out on the Internet, your browser must specify the protocol to use.  A protocol is simply a set of rules that specify a kind of language that the two computers agree to communicate in.  HTTP is one of these sets of rules while HTTPS is a different set of rules.  The difference between these two protocols has to do with security.  If your computer communicates using HTTP, every request for service is sent as plain text which means that if someone can listen to your request (by grabbing your messages from the wireless network, for example), that request can be read.  If, on the other hand, your computer communicates using HTTPS, your request is encrypted which means that someone listening to your request (other than the computer that you’re making the request of) will hear gibberish.

What do protocols have to do with you and Facebook?  Up until today, Facebook has only allowed communication to occur in plain text.  So if someone on the same wireless network as you listened in on your communication with the Facebook computers, they would be able to read everything that you sent, including your username and password.  So anytime you used a wireless network in a cybercafe to check your Facebook account, anyone else within that cafe (who had a bit of technical skill) would be able to capture your username and password.  This vulnerability is not something unusual within computing circles.  And the fact that Facebook has ignored it until now is pretty unconscionable.  A Seattle programmer named Eric Butler decided to push the issue and created a browser extension called Firesheep that made it extremely easy for anyone to capture HTTP messages on public networks.  In response, Facebook has finally allowed HTTPS (encrypted) communication to its computers. 

There are two things you need to do in order to use Facebook securely.  First, you need to change your account settings within Facebook.  The original article that Robin posted explains how to do this.  Go to Account Settings (under the Account menu in the upper right corner) and scroll down to the third-to-last item in the list, which is called Account Security.  Choose change and check the box that says “Browse Facebook on a secure connection (https) whenever possible.”  But it is really important that you also take a second step in order to be secure when you are browsing on an open network.  Up until today, whenever any of us has started to communicate with Facebook’s computers, we have typed in (or clicked a link to) the following address:  Notice the letters before the colon–HTTP.  We begin our communication with Facebook’s computers in an insecure way.  We then enter our usernames and passwords in an insecure way.  When Facebook then realizes that this is an account that has requested secure communication, it changes the way the two computers communicate with each other to HTTPS.  The problem is that we have already sent our username and password in an insecure way.  So the second step you have to take is that when you type in Facebook’s address, you MUST type: so that the communication begins securely.  This second step is the one that the original article neglects to mention.

I set up my account to communicate securely with Facebook whenever possible.  Unfortunately, many applications on Facebook cannot use a secure connection.  That is, every time I play Scrabble or Go, for example, I have to change to an insecure connection.  So for now, I’m leaving my settings so that I communicate via HTTP rather than HTTPS.  I guess I’ll just have to remember to change my security settings before I leave home to use any computer (including my own) on an open public network.  That’s my only option because I’m definitely not going to stop playing my games.

{February 2, 2011}   iTunes Annoyance

I bought a 3rd generation iPod Touch a while ago and have been an enthusiastic supporter of Apple’s various music players ever since.  I had owned another brand of mp3 player previously but when I made the switch to the iPod, I gained the convenience of the iTunes store.  I think that is one of the main reasons that Apple has maintained their lead in this crowded market.  I spent a few months on a conversion project, ripping all of my CDs so that my iTunes library now contains all of my music.  I subscribe to several podcasts.  I have created a bunch of playlists.  I have purchased a bunch of music and applications from iTunes.  I love my iPod and use it all the time, for all kinds of things.

I just got a new laptop.  And here’s where I have encountered my first annoyance with the way that iTunes works.  What I would have liked to do is simple.  I wanted to install iTunes on my new laptop, plug my iPod into the new laptop and have my entire library downloaded from the iPod to the new laptop via iTunes’ sync function.  Sounds simple and seems intuitive that that’s the way iTunes would work.  To my surprise, I discovered that this is NOT the way iTunes works.

I downloaded iTunes onto the new laptop without incident.  I authorized my new computer to access my iTunes library and discovered that each library can have as many as five computers authorized to use it at any given moment.  Not a problem since I only have two.  I made sure that my new, blank iTunes library would not overwrite the library on my iPod and started the sync process.  When it was complete, I noticed that hardly any of my music had been transferred and none of my playlists, applications or podcasts had been transferred.  When I looked more closely, I realized the only things that had been transferred were the songs that I had purchased from the iTunes store.  None of the music I had ripped from my CDs had been transferred to the new laptop.  Thinking I had done something wrong, I checked all of the options and settings available and tried syncing again.  No additional items were transferred.

I then searched for a solution and was shocked to discover that what I wanted to do is something that is not easy to do.  The best article I read on the topic is a bit arcane but the gist of it is that Apple has decided that the relationship between your iPod Touch and your computer is primarily a one-way relationship.  It’s easy to get media files from your computer to your iPod but much more difficult to get media files from your iPod to your computer.  The only exception to that “rule” is a media file that you purchased from the iTunes store.

One theory about why Apple has made this non-user-centered choice is that they are trying to appease their corporate partners concerning copyright issues.  That may be the reason but why then would they have made it easy to transfer your iTunes store purchases?  In any case, this should not be as difficult as it is proving to be.  One of the things I tried was to use the iTunes software to make a backup of my library on my external hard drive and then import that backup to my library on my new computer.  But when I tried this option within the software, it would only let me make a backup to a CD or DVD.  I could not choose where I wanted to store that backup–it had to be stored on a disk in my DVD drive.  This would require many, many CDs or DVDs and so I think people are unlikely to really choose this option for backing up their libraries.

My latest attempt (one that I am in the middle of) is to go outside of the iTunes software to use Windows to copy the iTunes folder from my old C: drive to my external drive and then from my external drive to my new computer’s C: drive.  I fear this might not work because of a number of issues that I’ve read about.  If it doesn’t, the articles that I’ve read suggest that I should purchase one of several pieces of software that have been written by third party vendors to help out people in my situation. 

I am very annoyed with Apple at the moment.  This task is a common, reasonable task to want to accomplish.  The choice that they have made here does little to thwart piracy but instead wastes the time of a lot of their honest customers.  Come on, Apple.  You can do better than this.
