Cory Bohon

Something that a lot of people don’t pay much attention to is wireless access points. Many people will connect to any wireless access point and begin checking their email, bank accounts, and go to other online services without giving much thought to their wireless surroundings.

But, here’s the thing … no matter if you’re connected to a 100% trusted wireless network, your information and security could be at risk no matter the operating system you’re using: Windows, Mac, Linux, it doesn’t matter.

The insecurity comes from the way a network operates. Generally, wireless networks work in a logical BUS topology, which means that any data response is sent to all computers on the network, but only the computer the data was addressed to will accept it and other computers will disregard the data.

If you have some specially designed software on your computer, like Wireshark, then you can “sniff” the packets (small chopped up bits of data) being sent and received from other computers on the network you’re connected to. By doing this, you can see in plain sight any data (passwords, bank account numbers, usernames, messages, etc.) that is being sent as plain text. Most websites generally send sensitive account information in this fashion, too. This will work on both wired and wireless connections, mind you.

Take the screenshot below. This is from my home wireless network that I was connected to. It shows where I was attempting to login to a website using my username and password. Notice how both the username and passwords were sent unsecurely as plain text. If anyone was connected to the network and had an application like Wireshark up and running, they could capture those packets and retrieve my username and password all without me ever noticing.

This is something very important to remember when connecting to wireless networks. What you may think of as a secured access point may be the way in which your important information is stolen unsupectingly.

Protecting yourself
There are ways to protect yourself from this method of data theft, however.

Generally, banks and other websites that maintain personal data use SSL security. This means that data sent or received to your computer and the server you’re connected to is encrypted before being sent. If you’ve ever noticed a small lock in your web browser or noticed that the protocol in the address bar changed from “http://” to “https://” then you’re most likely secured via encryption.

What does HTTP or HTTPS mean?
HTTP stands for Hyper Text Transfer Protocol and it’s the method by which web pages are requested and delivered to your web browser. HTTPS stands for Hyper Text Transfer Protocol Secure and it’s a secure version of the standard HTTP protocol that allows SSL security certificates and other security layers between you and the server you’re connected to.

In addition to checking to make sure you’re connected to a secure website before typing and submitting personal information, you also have a few other options. You could set up a VPN (virtual private network) on a computer at your home that you could connect through to provide a secure gateway for accessing websites while on-the-go. You could also invest in a 3G/4G wireless card for your notebook computer. This would allow you to have a direct connection to an wireless Internet provider (via a more secure cell tower connection). Plans can be pricey, however, which is why some use a VPN connection.

This is one of the reasons I went for the 3G version of the iPad. I’m trying to free myself from using public Wi-Fi where I am only as secure as the content I access and my computer security is only as safe as the people accessing the network.

The problem with this security issue is that anyone and any network is susceptible to the problems. Even if the network features WEP or WPA security measures. If someone can connect to it and open an application like Wireshark, they can begin gathering sensitive information.

What is WEP and WPA Security?
WEP stands for Wired Equivalent Privacy and is an older, less secure way to encrypt a wireless network. WPA stands for Wi-Fi Protected Access and is a newer and more secure way to encrypt a network. Generally, it is better to stray away from WEP encryption because tools exist that can allow anyone to penetrate the network and gain access to your wireless connection.

I wanted to post this because I see a lot of people who nonchalantly connect to public wireless networks and begin surfing to websites that contain sensitive data about that person. I hope that you were able to understand my concern and the reason that I wanted to let you know about this security issue.

If you have any questions, feel free to post a comment below or email me. Also, if you have a computer topic that you’d like me to talk about, feel free to send me an email and I will see what I can do.

Since getting the iPad, it has completely changed where and when I consume media and do different computing tasks. I didn’t know how I would be using the iPad, but as it turns out, I can use it to do everything that I mostly did on my MacBook Pro, only on a slightly smaller device. I have thoroughly enjoyed using Safari, Pages, watching Youtube videos and consuming media (music, movies, etc.). But one thing I was missing was some way to write code and create new webpages.

Then comes Gusto, an application available right now in the iTunes app store for only $9.99 (US). It’s and easy to use tool for using FTP to access a server and edit webpages and files. I’m really enjoying it thus for and its enabling me to edit webpages that I wouldn’t ordinarily be able to do on my iPad.

My only complaint about this application is that I’m currently unable to access any server over SSH file transfer (SFTP). However, the iTunes description does state that this is a forthcoming feature in the application.

So, if you’re into website development and are sometimes away from your computer, make sure to couple Gusto and a Bluetooth keyboard with your iPad for the ultimate and portable website management tool.

I’ve been programming for several years now and every time I start to write a line of code, I think about the documentation that I’ll need to write for either people who could read my code later (comments in code) or the users of my program (user documentation). I’ve seen several programmers both in academia and full-time developers that don’t comment their code. I firmly believe in commenting code for several reasons, but I just wanted to point out a couple reasons as well as some methods that I use in my own code commenting.

Reasons
Commenting for the future
If you don’t comment your code for any other reason, please, please, please, do it for this reason. If you’re part of a large project where you’re constantly updating your code, then this might not be as big of a problem, but if you rarely update your code, you definitely need a record of what things do.

Making sure you comment what things do, what needs to be updated (or fixed), etc. makes life a whole lot easier when you come back to your code down the road. Chances are you’ll be writing so much code that you won’t remember exactly what certain functions do or what a line of code might do.

Another reason to always document code is that you might not be the one working on the same code down the road. Especially if you’re involved in a large project or with a large company. And let’s hope it’s because you were promoted (and not fired for not documenting code ).

Comment the head of documents
I always comment the head of every document in my program (program files, header files, etc.). I use it as a record of the filename, who initially programmed that particular document, the date of initial programming, and a description of what that file does.

In addition to adding the regular doldrum of information at the head of the document, you could also add licensing information such as copyrights, EULA, etc.

Add a log file at the head of the document
Adding a log file at the beginning of your program files can generally be a good place to store information such as a revision log or changes you’d like to make down the road.

Comment Functions and Class Methods
When you comment functions and class methods you’re making a record of what that particular piece of code does. As mentioned by some of the reasons above, this is a good idea if you’re going to be coming back to your code down the road. Plus, if you have multiple people working on a project, this lets others instantly see what your function or method is doing. Look below to see how I comment functions and methods.

Commenting Methods

Commenting the head of a document

Below is an example of how I document all of the headings of my program files.

/*
Filename: MyProgram.java
Author: Cory Bohon
Date: Mar-23-2010
Description: This is the most awesome program you'll find anywhere. Srsly.

Version Log:
1.0.1 - Fixed bugs, added awesomeness
1.0 - Initial release to awesomize the world
0.1 - Beta version of awesomeness -- ADD MORE AWESOMENESS
*/

Commenting Functions and Methods

I like to use the Javadoc method of commenting functions and class methods. I even use it for some C++ code that I do, just simply because I think it’s a really efficient way to document functions and methods. Below is an example of this commenting method.

/**
* Returns the my_name variable
* @param none
* @return a string type with the name of the user
*/
string MyProgram::get_name(void)
{
return my_name;
}

I hope this post has helped some people see why it’s important to document your code. If you’re already documenting your code properly, I hope that you have learned some tips from the ways I’m documenting my code. And if you have any tips for me or some tips that I have missed, please leave a comment, or send me a message on Twitter.

If you’re following my Twitter feed, you probably know that I’ve been ecstatic about a fairly new content management system for Digital Humanists creating digital archives. The web software is called Omeka, and it’s out of the Center for Digital Humanities at George Mason University in Virginia.

Omeka has a rich API (application programming interface) that lets developers and creatives alike create awesome plugins and additional content that flows right along side of the CMS. I have been actively developing Omeka plugins for the past academic year at my university in hopes of making Omeka more accessible to visually impaired people accessing the Omeka archives. The development was sponsored by two grant-related projects that I’m involved with. The first project is LookListenTouch.org which I worked for Fall 2009, and BrailleSC.org that I’m currently working on.

People who are visually impaired generally access websites using screen reading software like JAWS or Apple’s screen reader VoiceOver. This software reads aloud what’s on the screen, but screen readers don’t work well with certain web content, namely Adobe Flash, JavaScript and Java applets. Fortunately, Omeka’s front-end doesn’t rely on any of the technologies, making it pretty accessible out-of-the-box. However, the accessibility plugins I’ve developed expand on the universal design model, making Omeka even more accessible.

The first of the plugins is an Access Keys plugin. This plugin lets the administrator assign Access Keys, which are one-character keyboard shortcuts, to basic Omeka functionality, such as go to the home page, browse by items, browse by collections, skip to next item, skip to previous item, and skip directly to the content. Normally people accessing websites with a screen reader need to listen to a list of menu items each and every time they listen to a page being read, but with the Access Keys model, they can memorize a set of keys, then jump to any page they wish to go to. For example, if you wanted to go to the search page, you can press Control + S and go directly to the search page in Omeka.

Access Keys can provide a ton of usability for user accessing a particular website, making navigation easier than ever before. The thing is, Access Keys have been around since around 1999 — why haven’t they been used before? Well, I’d suggest that’s partially because different web browsers use different modifier keys (i.e. pressing control, command, or shift before pressing the access key in order to activate a link). That’s why BrailleSC.org and LookListenTouch.org is advocating the standardization of modifier keys across different browsers, operating systems, and versions of browsers. This would make life easier for users and developers alike.

Continuing on the idea of Access Keys, I’ve also developed a custom Access Keys plugin that will allow an Omeka administrator to specify up-to 10 URLs and Access Keys that will be available from any page inside of Omeka. For example, you could go to Google.com by pressing Control + G.

Of course, Access Keys are limited to the number of letters and numbers available on the keyboard, so that’s 26 + 10 = 36 available keys. Symbols are not available for assigning Access Keys, and remember that if the shortcut assigned is also a shortcut for the web browser (i.e. in Internet Explorer Control + B is for bookmarking pages), then the assignment will overwrite the browser functionality.

The Last plugin that I’ve completed is one called “TextZoom” that, like its name implies, lets the user enlarge the text on the page. When the admin enables this plugin, they also can specify Access Keys for the enlargement functions. There is five levels of enlargement: default, small, medium, large, and extra large. When a user selects any of the enlargement levels, the settings are automatically remembered for 30-days using a cookie, so when they visit the site again, the text will automatically be enlarged for them. The user can then press the default option to go back to the default site and remove the cookie from their browser.

There are other plugins that I’m working on, including a Google Analytics plugin that will let an administrator look at current website tracking information right from within the admin pages.

Where Can You Get The Plugins?
I have the three plugins mention in detail above available for download at BrailleSC.org/development. I also have the source listed on my own development wiki at CoryBohon.com/development. The plugins are completely open source, so if you wish to take the source code an improve it you can under the terms of the included GNU public license.

If you have any questions about the plugins, you can email me directly at cory [at] corybohon [dot] com or cory [at] braillesc [dot] org.

Getting one step closer to being like Squarespace, Google’s Blogger has a new feature that makes designing your blog much easier. It’s called the Blogger Template Designer and it allows you to create your own templates in a matter of minutes with just a few simple clicks. Pretty nifty considering its price: free.