Kevin Skelly's Software Support Blog

Htaccess is available on the Webadmin server for securing access to folders within your web site. There is a PDF totorial describing this on the OIT Site: How to Password Protect a Web Directory. There’s one for personal web sites (people.umass.edu/xxxxxx, or courses.umass.edu/xxxxxx), and one for departmental web sites (www.umass.edu/xxxxxx). The instructions are the same, but the locations of your files are different in those two scenarios, so we describe it in each of those contexts.

The general steps are:

1. Create the directory you want to be secure, if it doesn’t already exist.
2. Create a file called .htaccess in that directory, with the contents as described in the linked article.
   • This file must contain specific information that you have to supply.
   • You can start by pasting the information from the PDF file into the text editor nano, on Webadmin, but then you will have to fill in the changes, as described in the handout.
3. Use the htpasswd command as described in the handout to create the .htpasswd file with the usernames and encrypted passwords.
4. Some tips:
   1. The .htaccess file has a line that identifies the path to the .htpasswd file. this must be correct. It’s normally the only thing you have to change in the .htaccess file.
   2. Both the .htaccess file, and the .htpasswd file, have to be readable by all.
   3. The directories containing those files also have to be readable by all.

There are a lot of details to this. Usually, after following the steps in the tutorial, I try going to the secured location in my browser, and it doesn’t work. I check out the points in those tips, and I’ve usually forgotten one of those.

Your Apps Are Watching You

“These phones don’t keep secrets. They are sharing this personal data widely and regularly, a Wall Street Journal investigation has found.”

More:
MSNBC
CNet.com
The Register

According to a report by Trend Micro, the education sector is the most affected by malware, with 44 percent of all infections. Also, according to an article in SC Magazine:

Based on the total number of malware samples collected in 2009, Trend Micro estimates that a new piece of malicious software is created approximately every 1.5 seconds. In addition, estimates place the number of unique new malware samples introduced every day at more than 600,000.

Trojans made up approximately 60 percent of new signatures created by Trend Micro during the first half of the year, followed by backdoors and trojan-spyware. Further, the majority of trojans lead to data-stealing malware, the report states.

This is a really cool gadget that gives you lots of information about the wireless networks near you:

http://www.xirrus.com/library/wifitools.php#gadget

There’s a Windows 7 gadget, which installs natively, and there are Yahoo widgets for Windows XP and Mac OS X. You need to install and run Yahoo Widgets to use the Xirrus widget.

Some wireless troubleshooting tips for OS X:

http://osxdaily.com/2007/01/18/airport-the-little-known-command-line-wireless-utility/

http://osxdaily.com/2009/11/24/option-click-the-airport-menu-for-extra-wireless-info/

http://osxdaily.com/2010/07/07/test-wireless-signal-strength-from-the-command-line/

Articles like this are a recurring indication that we are in trouble, security-wise, in the world of computing. Not to mention the growing skepticism about the effectiveness of security software. I recommend a good understanding on the part of every user of a computer of what an effective password policy is for you, and stick to it. But it’s not easy. Beyond that, remember that you are the most likely vector for what infects your computer, so be careful what you click on.

Please do not change your password

“Now, a study has concluded…that instructions intended to spare us from costly computer attacks often exact a much steeper price in the form of user effort and time expended.”

Are users right in rejecting security advice?

“We argue that users’ rejection of the security advice they receive is entirely rational from an economic perspective. The advice offers to shield them from the direct costs of attacks, but burdens them with far greater indirect costs in the form of effort. Looking at various examples of security advice we find that the advice is complex and growing, but the benefit is largely speculative or moot.”

Today’s most popular password? 123456.

http://www.nytimes.com/2010/01/21/technology/21password.html?hp

The trick to getting videos from your media library to show up correctly:

The trick is to make sure there is an address for the FILE URL in the Add Video window before you click INSERT INTO POST.

A favicon is a small image (16×16 pixels) with a .ico filename extension that lives in the home directory of the website. It will display next to the address bar, and on the tab, in your browser. You also have to add some code to the page, within the <head> tag area. There are services on the web to create favicons, some free, and there’s a way to create one in Photoshop. In order to create it in Photoshop, you need to download and install a plugin for Photoshop that will allow images to be saved in the .ico format. It is also possible to use .gif, .jpg, or .png images as favicons, but they reportedly won’t work in Internet Explorer. (I haven’t tested this.)

This page explains how to do it in Photoshop:
http://www.photoshopsupport.com/tutorials/jennifer/favicon.html

This is where you can get the plugin that enables Photoshop to save as .ico files:
http://www.telegraphics.com.au/sw/

Click this link to see the one I created according to these instructions:
http://people.umass.edu/kskelly/

The following link takes you to a page where you can create the favicon online, and then download it. It actually downloads a “package” which is a .zip file containing the .ico file, and an animated GIF (filename extension .gif) that scrolls the same image annoyingly. Note that on the page where you download the file, there is also a little frame on the right with the code you need to insert in the page head. You can copy it from there and paste it into your page code.
http://www.html-kit.com/favicon/

There are others. Google ‘favicon.’

Here are the full set of steps for enabling Google Analytics on your blog:

1. Log in to the administrative dashboard of your blog.
2. Click on the Plugins link on the right hand side of the banner.
3. Click “Activate” to the right of the line with “Google Analytics.”
4. Go to http://www.google.com/analytics/
5. Click the “Access Analytics” button.
6. Click “Add New Profile” in the banner to the right of “Website Profiles.”
7. Enter the URL of your blog. The “http://” is already supplied, so enter e.g. “blogs.umass.edu/username”.
8. Click Finish.
9. Select the string that looks like UA-#######-# and copy it.
10. Now go back to the admin pages of your blog and click on “Settings” in the banner.
11. Click on “Ultimate GA” in the line just below the banner.
12. The box labeled “Account ID” should now have that same number in it, but if it doesn’t, you can paste it in now.
13. Click “Update Options.”
14. After some people have visited your blog, which for me takes a loooong time, you can go back to Google Analytics and click “View report” in the line next to where your blogs website is displayed. This wil take you to the report for your blog and you can see how much activity your blog has seen.