del.icio.us/dossy links since November 17, 2005 at 09:05 AM

del.icio.us/dossy (RSS) links since November 17, 2005 at 09:05 AM:

Is it wrong to poison candy? Is it more wrong than stealing?

With the proliferation of wireless computing technology (aka “wi-fi ethernet”) and people freely using other people’s open wireless networks — I have a hard time calling it “stealing” but it is — I started asking myself: is it morally wrong to set up a transparent HTTP proxy that injected malicious scripts into the HTTP response to exploit people’s computers who are using your wi-fi? My gut says that knowingly destroying other people’s computers is wrong, always wrong, even if they’re illegally trespassing on your wireless network and stealing your bandwidth without your permission. But, then I wonder if it’s a framing or context problem. Is it so obviously wrong because it’s happening in an intangible space and all highly theoretical? So, I tried to redescribe the problem in more mundane terms.

What if you were a candy store, and you had a serious shoplifting problem: where people would randomly walk into your store and help themselves to some of your candy without paying for it? Would it be wrong to poison a subset of candy and mark the poisoned goods in such a way that only you could identify them? If a real customer came along and wanted to purchase the candy, you’d recognize it as being poisoned and replace it with a clean version. But, if someone just came along and grabbed it and walked off with it, if they proceeded to eat it, then they got what they deserved? If they didn’t get permission to take your candy, you have no obligation or responsibility as to what happens to them if they steal it, right?

Are the two situations (unauthorized use of wi-fi vs. owning a candy store) really different? Is the aggressive defense mechanism acceptable in one situation but not the other? Are both unacceptable? Should the entire burden of securing a wireless network rest on the shoulders of the owner of the network, or should there be some responsibility and etiquette for people not to just assume that because a wi-fi network is unrestricted that it doesn’t make it open for public use? If I set up open wi-fi and want to signal that it’s open for public use, I’ll include “public” in the SSID to signal it as such.

What do you do with your wi-fi networks? Do you secure yours, or leave it wide open, or what? If you leave yours open, do you have a problem with people jumping onto it and using it? Have you ever had someone use your wireless network and send spam using it, or anything else you’d not want them to do, but you still want to leave it open so that other good people can use it when they need to?

A question to people reading my blog at Blogger: why?

For the past ten months, I’ve been reposting entries from my blog at dossy.org to this blog here at Blogger. I did this to see if it would encourage folks to post comments if they already had Blogger accounts, since due to a large volume of blog comment spam I decided to require sign-in in order to comment. However, there’s been hardly any comments being posted to the Blogger blog, so I wonder how useful it is for me to keep reposting the entries.

Unfortunately, Blogger doesn’t give me any stats about who’s subscribed to my blog’s feeds, so I really have no idea who’s even reading it over there. If you’re reading this over at my Blogger blog, please let me know by either emailing me or leaving a comment either here or in my own blog. I’d like to know why you’re reading it, if you are. If you’re subscribing to its feeds, I’d like to ask you to instead subscribe to my blog’s feeds: RSS 1.0, RSS 2.0, RSS 2.0 comments feed.

If it seems that nobody’s reading the Blogger blog or its feeds, I’ll likely stop reposting stuff there just to save me a bit of time, so if there’s a reason you read it instead of my blog at dossy.org, please let me know.

Calling all AOL employee bloggers!

In the midst of the recent AOL Journals banner-ad debacle, Jason Calacanis (of Weblogs, Inc. fame, who is now a member of the AOL team) asks, “Where are all the AOL bloggers?” He’s compiling a list, hoping to uncover an AOL exec.’s blog in the process. He’s even offered to get an AOL exec. blogging with their own vanity domain and fancy design as incentive!

If you’re an AOL employee blogger, go and leave a comment and self-identify! Microsoft, Yahoo, Google … they’ve all got tons of bloggers. Where’s AOL’s bloggers? There have got to be a few dozen of us, at least, right? Right?

Remote arbitrary code execution vulnerability in MSIE. Anyone surprised?

This article at eWEEK.com is the reason why I’ve switched to using the Mozilla Firefox web browser for everything except a few web applications at work which only work with MSIE.

Read the article, but the gist of it is that a fully up-to-date Windows system, if browsing a malicious site containing the exploit, can be made to execute arbitrary code that the attacker has intended on your system. Quoting from the article:

The proof-of-concept exploit, which is available from the FrSirt site, currently launched the Windows Calculator (calc.exe) but can be easily modified by malicious hackers.

What I’d really like to see is someone modifying the proof-of-concept exploit to instead fetch a copy of Firefox, perform an unattended install of it, then rename IEXPLORE.EXE (the MSIE executable) to something else and replacing it with a copy of FIREFOX.EXE. Of course, I’m sure anyone who did such a thing could go to jail because there’s no distinction made between “good hacking” and “bad hacking” in our lovely legal system. You know, the same legal system that lets killers walk free but makes hackers go to jail.

What do you do with funds left in your HCFSA account?

This year, I decided to take advantage of a benefit that work offers: the Health Care Flexible Spending Account (HCFSA). Basically, you set aside pre-tax dollars to pay for certain otherwise non-reimbursed medical costs which you pay for out of your HCFSA account instead of using after-tax dollars. Without going into detail about taxes, the short explanation is that it’s always better to spend pre-tax dollars than after-tax dollars, so the HCFSA is good, in general.

The trick with the HCFSA is that you have to decide, up front at the start of the year, how much money to put into the account. This isn’t so bad if you already know what your yearly medical costs are, because you know approximately how much you spend. When I enrolled, I didn’t really have a good feel for how much we would be spending this year, so I estimated as best I could. The snag about the HCFSA is that at the end of the year, whatever funds haven’t been spent are forfeited! Yes, it’s “use it or lose it” so it’s important to avoid over-estimating, but under-estimating means not taking full advantage of the tax benefit the HCFSA affords you.

Today, I called to get the remaining balance in the account and it’s just shy of $770. I do have some medical expenses that I can file reimbursements for through the HCFSA which should be around $700, but what do I do about the remaining balance? Should I go and buy a ton of over-the-counter medicines and file for reimbursement to flatten out the account?

Do you have a HCFSA? What do you do at the end of the year with funds that are left in it? Is it better to just under-estimate to ensure there’s never a surplus in the account which you might forfeit when you haven’t spent it?

del.icio.us/dossy links since November 16, 2005 at 09:05 PM

del.icio.us/dossy (RSS) links since November 16, 2005 at 09:05 PM:

del.icio.us/dossy links since November 15, 2005 at 09:05 PM

del.icio.us/dossy (RSS) links since November 15, 2005 at 09:05 PM:

del.icio.us/dossy links since November 15, 2005 at 09:05 AM

del.icio.us/dossy (RSS) links since November 15, 2005 at 09:05 AM:

del.icio.us/dossy links since November 14, 2005 at 09:12 PM

del.icio.us/dossy (RSS) links since November 14, 2005 at 09:12 PM: