Martin Geisler Online

I’ve finally managed to convert the news from the [PhpWiki][] era into [Markdown][] syntax and import it into [WordPress][]. So I now have a complete archive of news all the way from the very first post to the five year anniversary post. New posts include my enthusiastic announcement of the WikiWikiWeb, something about the art of writing BETA code (and making it look nice in [LaTeX][] afterwards), my “live” report from The Party, playing with Freenet, handing in the dOvs project, the very first release of PEL, and 97 other more or less interesting tidbits from the last three years!

I’ve imported the news into the “Uncategorized” category, and I will sort it in the next few days. There’s probably also still some quirks left behind from the PhpWiki markup, even though I was able to convert most of it.

The conversion is actually pretty cool — making so-called reference style links in Markdown, and doing word-wrapping too, just to make the source look nice! The code is available for download — if you click on the link, but don’t like regular expressions, then please close your eyes…

The System Security course that I’m currently taking always manages to make my Fridays interesting. Yesterday we heard about security in filesystems, most of which I already knew. But afterwards in the exercise hour we told about skimming, an attack on your credit card when you use an ATM (automated teller machines, those machines where you can withdraw cash from your credit card).

The exercises are actually often more interesting than the lectures themselves, for there we hear some real-world stuff. Yesterday Stefan Frei showed us a presentation about attacks on ATMs, both skimming attacks and other more brute-force attacks where people run away with the entire machine!

Skimming attacks are a relative new form of fraud where people snatch the information stored in the magnetic stripe on credit cards, together with the PIN code. They do this by installing a small camera and a small card reader in the ATM. The fake card-reader is put infront of the real card reader, and the bad guys will thus get hold of the information in the magnetic strip when you insert your card in the ATM. An example taken from a British ATM is shown on the right: at the top you see the original ATM, and at the bottom the ATM with the card reader installed.

See how those fake card readers look very professional and similar to the rest of the machine? We’re not talking about something held together with dutch tape here…

When you input your PIN the camera captures that — with both the magnetic strip and the PIN there’s nothing that prevents them from making a duplicate of your card and then simply walk op to the nearest ATM and withdraw money from your account. A rather scary scenario!

In the presentation we saw some photos of the next generation of skimming devices. The “funny” thing about those is that you cannot see them! They measure just a tiny bit more than your credit card, which means something like six centimeters wide, five milimeters height, and four milimeters deep. And that includes batteries, the card reader, radio antenna, and the circuits to make the whole thing run!

One could think that this is just some weird trick which only occurs in countries far, far away, but no — it happens right here in Switzerland! The first case of skimming has just been discovered in Wallis… So if you still have a magnetic stripe on your credit card, then watch out where you stick it into.

The newer card which uses a chip are not in danger from skimming attacks, since the data stored on the chip cannot be read out without interacting with the chip. The chip uses digital signatures to ensure that it’s really talking with an authorized ATM and not just some rouge skimming device. Of course most of these chip-enabled credit cards still have a magnetic strip on them to be compatible with legacy ATMs, so one still has to be careful…

This much:

(Observant people will see that I’m nerdier than Kristian… :-)

I was wondering: are you guys reading my site online, or are you using of the feeds that are available (RSS 0.92, RSS 2.0, and Atom)? I’m asking because I’ve never used those features myself… For example, what are the differences between the three feeds (more/less information)?

After the migration to mgeisler.net I’ve been busy updating links on my site, and also a bit outsite whenever I found them. While doing so I thought a bit about how the current link structure of the Web works, or rather how it doesn’t always work.

For example: After I started redirecting people using standard HTTP “301 Moved Permanently” headers, smart search engines such as Google automatically updated their links to point to mgeisler.net. I wish that kind of auto-updating links were implemented more often!

The basic problem is that content sometimes more around in Cyberspace, so links need to be updatable. Of course one can just go through all links by hand and update them — and I’ve also partly done so, with the help of some SQL of course.

But the real solution is some kind of indirection. To make it easier for myself to do exactly that I’ve decided to seed the list of links in [PHP Markdown][] with a bunch of often used links. This means two things

1. I can easily change all links to, say, [PHP][] if the needed be. I might decide one day that I would like to have a page here at mgeisler.net describing PHP, with links to my tutorial and other PHP related projects I’m involved in.

   (Hint: I’ve had exactly such a page back in an old version of gimpster.com, and I’ve now been updating lots of stale links pointing to /php/index.php. So the example is very real…)

2. I can make lots of links very conveniently, knowing that they are predefined with a correct URL and title. I can, for example, write something about [Emacs][] and make a link by writing ...something about [Emacs][] and making…. Simple isn’t it?

The seeding is very simple: I’ve just changed the initialization of $md_urls and $md_titles from empty arrays to arrays with the content I want. So for example with

$md_urls = array('gnu' => 'http://www.gnu.org/');
$md_titles = array('gnu' => 'GNU's Not Unix!');

I can afterwards link to the [GNU homepage][GNU] using reference links with gnu as the link label. Just remember that the labels are converted into lower-case before being used — this means that writing [GNU][] works as expected because the label GNU is converted into gnu and then used to lookup the URL and title.

The changes must be made in the beginning of the Markdown function, about 13% into markdown.php.