Echobit

I’ve been struggling with this one for a while now, and after I lost yet another chat log I’ve finally had enough.

When I first started instant messaging way back in the days, I used Windows Live Messenger (or MSN Messenger as it used to be called). Even though Microsoft has added quite a few features that I find irrelevant and completely useless, and file transfers never seem to go any faster than 1 kB/s, I’ve stuck with it for the sake of compatibility with the majority of my IM friends, who also happen to use Live Messenger.

However, over the past few months I’ve noticed a disturbing trend in how Live Messenger stores my conversations: a conversation is only stored to disk once the chat window has been closed. That is, Live Messenger doesn’t log the conversation continuously like any other application would, but instead relies on the user to indicate that he’s finished. Read more…

A while back I noticed an annoying bug in Microsoft Excel 2007. With the release of Office 2007 SP1, I’d hoped the bug would’ve been fixed. Apparently, it hadn’t been. Since I haven’t been able to find anywhere I can report the bug, I’ve instead decided to mention it here with the hope that somebody at Microsoft will stumble upon it.

From time to time, I need to graph data I’ve gathered in my test applications. I tend to use Excel for this since I’ve always got it handy. Usually, I export the data from my application in simple text files and import it into Excel. Depending on the data, I use different delimiters (e.g. white space, tabs, and semi-colons) and Excel lets me define exactly how it should interpret the data. Since I’m in Europe, my regional settings in Windows are set accordingly and because the Office suite draws its regional settings directly from Windows, decimal points are indicated by a comma (,) rather than by a period (.). Fortunately, the Excel Text Import Wizard also lets you specify how it should interpret decimal points (as shown in the screenshot below). Read more…

The other day I stumbled upon yet another website that stored its users’ passwords in clear text. I’m always terrified when I click the Forgot Password? button and they e-mail me the original password – that means they’ve had my password stored in plain text all along.

A while back, I had a discussion with a friend who actually runs a site that does this. When I pointed out the obvious flaw to him, he told me he wasn’t even aware that they stored the passwords like that. I couldn’t help but remind him that a lot of people use the same password across many websites since they find it difficult to remember a different one for each site. As we all know, this is really bad when one of the sites is compromised and a hacker has no trouble tracing back your steps to figure out where you’ve been – especially since most people use the same nickname everywhere.

People who own laptops are able to use their browser’s password cache [1] to remember the passwords for the sites they visit most often. Such users could therefore use a random password if they really wanted since they could just rely on their laptop to fill it in every time they visited the site. (This assumes you always carry your laptop with you, like me).

In response to my earlier ranting, my friend, who has a Ph.D in computer science, told me that using the same password on each website was really the user’s problem, not his, and I think that highlights one of the major problems with the industry these days. They don’t really care much about their users’ security until something bad happens.

Read more…

Many home users own a router these days – not just because of the interest in having wireless network at home, but also because it provides a hardware firewall and the ability to have multiple hosts behind the same public IP address by using NAT (in case the ISP has leased you only a single address). But, despite this huge consumer market, many routers still are not fully RFC compliant and often contain bugs.

These bugs become even harder to fix once an ISP rolls their own firmware based on the hardware vendor’s firmware, and the ISP provides the modified routers directly to their costumers. Then we, as customers, can’t just go straight to the vendor when we’re experiencing a problem since the ISP supplied the router and the vendor therefore disclaims any responsibility for the behavior of it. Furthermore, if you are so lucky to succeed in convincing your ISP that there’s a bug in the router software, chances are that the fix never gets propagated back to the original vendor and thus nobody, apart from the ISP’s customers, benefits from it. One also has to decide whether the developers of the ISP are more competent than the vendor developers, who built the router in the first place. (Sure, the vendor obviously introduced a bug in the original firmware, but they’re probably in a better position to fix it than a third-party developer.)

As a developer of networking software, I rely heavily on my router to function correctly. If I’m testing something and it breaks, I don’t just blame the router right away – and I shouldn’t need to. However, when my code isn’t working and I spend hours trying to figure out why, and it turns out there’s a major bug in the router software then I get annoyed. Read more…

Recently, I had to close one of my bank accounts. When I got to the bank, an employee asked for my debit card, swiped it, and looked up my account. When I told him that I wanted to close my account because I was going abroad, he went ahead and started filling out various forms and asked for my signature. Eventually, he asked for identification and I gave him my driver’s license. Unfortunately, the account had originally been created based on my passport number and so he couldn’t accept any other form of identification. Even worse, though, he had already disabled my debit card so I couldn’t just enter my pin code to verify my identity.

On my way back to my apartment to pick up my passport it occurred to me how odd the entire episode at the bank had been. How could the employee disable my debit card before making sure I was the person I pretended to be? The only reason he didn’t actually go ahead and closed the account was because he needed to withdraw the money, and for that he had to ask for identification. Read more…