Sonntag, 6. Februar 2011

Fasterplan

This is a short report about a web 2.0 app I recently discovered. It's called Fasterplan and helps you to organize stuff. In my case I found it to be extremely useful for our weekly basketball games. We always had trouble to find the right amount of people, and usually we did it like this: somebody started an email where he put a list of people which were sure to come. Then, everybody else should put his name on that list. Of course, this meant that more than ten emails were sent around until enough people were found.

With Fasterplan, this is much easier now: I created a so-called Fasterplan billboard (no sign-up was required), in which we placed a poll. Besides polls, things like finding a common date or just leaving a text message can be put to the billboard. The URL of the billboard was sent to everybody else who was supposed to participate. Everybody who has the link to the billboard is free to edit it. He can put his name on the list, leave text messages, put images etc. ... anything that could be useful.

I could imagine Fasterplan to be useful for a bunch of other things. Maybe you have any ideas? Let me know!

Mittwoch, 24. Februar 2010

Take Care With Dropbox

This blog is about a severe privacy problem concerning dropbox. When I posted it to the dropbox forum, some people responded that they have not been aware of this issue and appreciated my comment. Now, some months later, still nothing has happened and I do think it is time to make it public.

It's all about public file sharing. Imagine you have a bunch of photos. An easy way to share them is to pack them into a common zip file named "photos.zip" and upload them to the public folder. Then you generate a public link and send it to your colleagues. After a couple of days you delete "photos.zip" since you don't want to have it public anymore.
Now, one year later, you want to share photos again. Again, you put the files to a zip file called "photos.zip" and share the public link - this time with your family.

Now, did you know, that dropbox uses the same public link as before? That means, even though one year passed, and even though the file has a totally different content - the link is the same! That means, that your colleagues could watch your family photos if they wanted to. Of course, this is just an example... much worse things can happen!

Now, there are a bunch of guys who might say: don't put things into the public folder unless you want to make them public to everybody!

I agree that this is what you should do from now on, since you know about the issue. But, this also greatly reduces the use of public files in dropbox! I do want to be able to share things semi-publicly, that is, with a group of people - but not with everyone. I almost never want to share things with everyone.

To conclude: dropbox should allow us to manage our public links. It should give us the possibility to "unshare" a file. It should never ever reuse a public link for new files.

Freitag, 8. Mai 2009

Claudia Koreck - 's ewige Lem

alles ist so ruhig (bayer.: staat)
so gemütlich und warm
ich lieg in der Wiese
unter einem Baum
ich mach' meine Augen zu
dann schlafe ich ein
ich bin jetzt über den Wolken
und die Welt zieht vorbei

ich höre dein Lachen
ich kenne doch die Stimme
das wird immer lauter
du willst dass ich komme
wenn du mich abholst
wo bringst du mich hin?
sag' ist es schön dort?
und wartet wer auf mich?

und irgendwie, habe ich keine Angst mehr vor dir
ich seh alte Leute aus längst verganger Zeit und ich spüre
alles ist vergessen und alle Fehler vergeben
und ich glaube dass ich da bin - im ewigen leben

und irgendwie, habe ich keine Angst mehr vor dir
ich seh alte Leute aus längst verganger Zeit
und ich spüre alles ist vergessen und alle Fehler vergeben
und ich glaube dass ich da bin - im ewigen leben
und ich glaube dass ich da bin - im ewigen leben
und ich glaube dass ich da bin - im ewigen leben

Samstag, 21. März 2009

A (Very) Simple Method for Automatic Creation of Hierarchical Tag Clouds

Ok, I don't have time for an introduction, so here is the idea - i'll explain it at the example of photos. Note that I did not make a literature research (same excuse - no time), so anything I say might have been published already.

Say you took a bunch of photos:
  1. a bird in Brisbane in 2009
  2. a tree in Brisbane in 2009
  3. a bird in the mountains in 2008
  4. a tree in the mountains in 2008
  5. a sunset in Brisbane in 2009
  6. a sunset in the mountains in 2009
Now, you would attach the following tags to the pictures:
  1. bird, city, 2009
  2. tree, city, 2009
  3. bird, countryside, 2008
  4. tree, countryside, 2008
  5. sunset, city, 2009
  6. sunset, countryside, 2009
A simple tag cloud would look like this:
2008 2009 bird countryside city sunset tree

This example is small and there is no problem with displaying your tags in such a tag cloud. However, once you have to deal with thousands of tags, this approach is not feasible anymore.

So, how can we handle these large tag clouds? My answer: hierarchical tag clouds. Hierarchical tag clouds consist of a kind-of "root" to which several sub-clouds are attached to and so on. Also, we want the hierarchy to be built automatically, without any further effort by the user (besides tagging).

Here is an algorithm on how to generate the root cloud automatically:
  • look for the most used tag
  • put it to the root tag cloud
  • look for the second-most used tag that was not used together with the previous one
  • put it to the cloud
  • and so on

Then, our root cloud would look like this:
2009 2008

By clicking on the cloud, the same algorithm could open a sub-cloud by only using the tags that occur together with the supertag. For instance, clicking on 2009 would open
city countryside

Clicking on 2008 opens
countryside

and so on...

In total, the hierarchy would look like this:
+2009
++ city
+++ bird
+++ tree
+++ sunset

++ countryside
+++ sunset

+2008
++countryside
+++bird
+++tree

Ok, this is really a very simple idea. It may not work very well for folksonomies, that is, tag clouds generated by a bunch of users (such as done in del.icio.us).

Donnerstag, 8. Januar 2009

Dropbox With Personal Encryption

When Dropbox came to public beta in the end of last year it had (and still has) a quite considerable press coverage even in common newspapers. Dropbox gives a simple solution to a non-trivial problem: syncing files across several computers and operating systems. It is free for up to 2GB of storage and can be upgraded to 50GB for about 10$ per month.

There is one caveat, though: who wants to put his potentially confidential data in the hands of an anonymous company? Dropbox uses encryption for both transmission and storage of data (on the Amazon S3 Servers), but the keys are in the hand of Dropbox.

The remedy: personal encryption. In this post, I will compare two approaches:
  1. TrueCrypt (www.truecrypt.org) and
  2. EncFS (www.arg0.net/encfs).

TrueCrypt


Truecrypt is a free open source encryption program that creates file containers which capture a whole directory tree. Once they are mounted they appear to the operating system just as a normal hard disk drive. No information about file sizes, filenames, directory structure etc. is available. It is not possible to see from outside how much data actually resides in the container. Also, true plausible deniability is possible by creating a so-called hidden volume which is mounted depending on which password is entered.
To put it in a nutshell: TrueCrypt is one of the most secure encryption programs available.

The good news: TrueCrypt works with Dropbox. Just put the container to your dropbox and mount it whenever you want to access it. Since only the file changes that actually take place are updated, it is no problem to put even larger volumes to the dropbox - only the file differences will be uploaded.

The bad news - there are some issues to take into account:
  • For very huge containers, there is an annoying offset time before the actual synchronization can take place. My largest container was of the size of almost 10GB, and even with only minor changes to the volume (like creating an empty folder) it took up to 5 Minutes for syncing. This may be due to the fact that Dropbox needs to figure out where changes have actually happened, so some checksums have to be transmitted and compared.
  • TrueCrypt puts an exclusive lock on the container, which means that Dropbox can only sync it once the container is dismounted. Now, imagine you forget to dismount your container on computer A, turn it off, and continue working with computer B. Since changes on A were not uploaded to the dropbox cloud, this will result in a conflict.
    Principally, Dropbox handles conflicts quite well: it creates a copy of the conflicted file in the dropbox and leaves it up to the user to decide which file to take or how to merge the data. However, for huge TrueCrypt containers this feature is a killer: you have to download the whole container to your harddisk before you can resolve the conflict. This can take days for a 10GB volume...


EncFS


EncFS is also a free open source encryption program. In contrast to TrueCrypt, it encrypts each file individually, so there is no need of a huge container file. Encryption works on-the-fly just as with TrueCrypt. Filenames and directory names are also encrypted.
Not being an encryption expert, I would not consider EncFS to be as secure as TrueCrypt. This observation is simply due to the fact that EncFS does provide some information to the "outside": the complete directory structure and the file sizes. For example, this makes it easy to find out if some known software packages are stored.

Besides that, it works much better with Dropbox than TrueCrypt does. Since there is no big container file, no big time offset for small changes occurs. Additionally, the risk of conflicts is reduced dramatically since files are small and can be uploaded quickly before they are edited on another computer. No exclusive lock is put to the files while mounted. Still, there is a risk of conflicts which is equal to the risk of conflicts for normal/unencrypted use of Dropbox.

Of course... there is one big caveat also in this approach: EncFS is Linux only. For those who want to use it within windows in spite of that, there is a more or less comfortable workaround:
  • install a virtual machine like VirtualBox (which is freely available)
  • setup linux + encfs + a samba server on this virtual machine (I used Ubuntu 8.10)
  • mount the encfs directory publicly - in Ubuntu this might look similar to
    sudo encfs --public ~/Dropbox/encfs ~/encfs
Note that for Windows Vista it is somehow difficult to connect to samba shares so be patient... sometimes it helps to use the IP address instead of the netbios share name. Also, if you have a Vista home version, this link might help you out.


Resolving Conflicts with EncFS

Once this works, one further problem has to be considered: even though with this approach conflicts are not more likely to occur than without encryption, they still can occur - for example, if two persons work on the same file at the same time. Or, if a huge file is changed and before the upload is finished it is changed on another computer.
Once a conflict occurs, it is more difficult to be resolved than without encryption. Dropbox will create a renamed file and leave the conflict resolution up to you. The problem is that you won't see this renamed file in the decrypted folder, but only in the encrypted one. So, you have to look into the encrypted folder to find the two files which could be named like "X7cBkyW" and "X7cBkyW.conflicted" (just an example). Then, if you want to see the contents of the conflicted file you have to rename it to the original name (and beforehand rename the original to something else). Then, you can open the unencrypted file. It can also be a bit difficult to actually find which one is the corresponding unencrypted file... filesize or directory structure can be helpful in this step.


Conclusions

EncFS wins over TrueCrypt with respect to usability. You can benefit from Dropbox just as if you would not use file encryption at all.
It is possible to resolve conflicts, however far not as convenient as it would be without encryption. Usually this should not be a problem because Dropbox is designed to avoid conflicts by instantly syncing files to the cloud. Conflicts are most likely to occur once files are shared with other persons, so in this case one should consider not using encryption at all.

Donnerstag, 18. Dezember 2008

Impuesto Especial Sobre Determinados Vehículos de Transporte

Oder kurz "Impuesto de Matriculación", zu deutsch: Zulassungssteuer. Normalerweise wird diese gleich beim Kauf eines Neuwagens erhoben, und der Wagen bleibt bis zu seinem Lebensende zugelassen. Das heißt, kein Spanier muss sich normalerweise damit rumschlagen.
Die Steuer richtet sich einzig und allein nach dem CO2 Ausstoß und dem Verkehrswert des Wagens. Auch diese Steuer bezahlt man per "Autolíquidación", d. h. man berechnet selbst wieviel man bezahlen muss und überweist es ohne dass es vorher kontrolliert würde.

Im Einzelnen sind folgende Schritte notwendig - eventuell gibt es noch mehr Möglichkeiten, ich zeige hier die auf die bei mir funktioniert hat:
  • Die notwendigen Formulare findet man auf http://www.aeat.es/ unter "A destacar" -> "Impuesto de Matriculación". Allerdings braucht man ein installiertes Benutzerzertifikat, und hier beginnen die Probleme...
  • Um das Zertifikat zu beantragen, muss man 1.) bei der "Agencia Tributaria" (sozusagen Finanzamt) gemeldet sein (tienes que estar CENSADO) und 2.) einen Code vorweisen den man unter http://www.cert.fnmt.es/ -> "Ciudadanos" -> "Obtener el certificado" per Eingabe der NIE/DNI was auch immer bekommt.
  • Mit dem Code geht man zu einer Niederlassung der "Agencia Tributaria", meldet sich zunächst an und geht dann zur Zertifikateausgabe
  • Es dauert dann ca. einen Tag bis man das Zertifikat abholen kann
  • Dann muss man es installieren... was nicht ganz einfach ist. Eine genaue Beschreibung für alle gewöhnlichen Browser (ja, es funktioniert auch mit Firefox!) gibt es unter http://www.aeat.es/ -> "A un clic" -> "Certificados Electrónicos". Man darf auf jeden Fall nicht vergessen noch zusätzlich zum persönlichen Zertifikat das Root Zertifikat zu installieren!
  • Hat man das alles hinter sich, kann man unter dem oben genannten Link loslegen mit dem Ausfüllen des Formulares "Modelo 576". Zu beachten gibt es hier dass man die Steuer selbst berechnen muss. Abhängig vom Zeitwert des Wagens ist ein Prozentsatz der vom CO2 Ausstoß abhängt zu zahlen. Aktuell ist unter 120 g/km keine Steuer zu entrichten, zwischen 120 und 160 g/km sind es 4,75% des Zeitwerts. Für einen Fiat Panda Active 1.1 mit 54 PS ergibt das in etwa 120 Euro.
    Das Formular, die genauen Tabellen und sonstige Dokumente von Interesse findet man unter http://www.aeat.es/ -> "A destacar" -> "Impuesto de Matriculación".
  • Die Steuer kann man per Kreditkarte bezahlen, hier ist also nicht extra ein Gang zu einer Bank notwendig - wäre ja auch noch schöner, nachdem man schon mindestens zweimal zur "Agencia Tributaria" laufen musste...

Mittwoch, 17. Dezember 2008

Impuesto sobre vehículos de tracción mecánica...

... oder zu Deutsch: die KFZ-Steuer. In Spanien erhebt sie die "Comunidad Autónoma" in der man gemeldet ist. Die Höhe und der genaue Zahlungsvorgang hängt daher von der "Comunidad Autónoma" ab. Die folgenden Ausführungen beziehen sich auf Valencia.
Die Steuer muss man selbst berechnen und dann an einer Bank bezahlen - dieses Verfahren nennt sich "Autolíquidación", und wird auch bei anderen Steuern (wie z. B. der Zulassungssteuer) angewendet. Bei der KFZ-Steuer funktioniert das so:
  • man lade sich das entsprechende Dokument runter und fülle es aus:
    http://www.valencia.es/ayuntamiento/tributos_municipales.nsf/vDocumentosTituloAux/Autoliquidaci%C3%B3n?opendocument&lang=1&nivel=8
  • Achtung: nicht auf die Festplatte speichern, sondern direkt mit dem PDF-Viewer Browser ausfüllen, sonst kann man es nacher nicht losschicken. Um Probleme zu vermeiden empfielt es sich den Adobe Reader zu verwenden. Internet Explorer geht meistens auch besser als Firefox (leider)...
  • Am Ende auf "Enviar" (= losschicken) klicken
  • Es wird automatisch ein Barcode erzeugt und das Dokument auf drei Seiten aufgebläht
  • Man druckt alle aus und geht auf eine Bank zum bezahlen
  • Die Bank behält eine Seite, die anderen beiden bekommt man abgestempelt zurück
  • Achtung: wenn man nicht zu seiner Hausbank geht, nehmen hier in Valencia die meisten Banken nur an bestimmten Tagen und zu bestimmten Zeiten solche Zahlungen an
Ein paar Hinweise zum Ausfüllen:
  • "Número de Bastidor" ist die Fahrgestellnummer - man findet sie in den Dokumenten von der ITV oder am Fahrzeug selbst
  • "Devengo" ist eigentlich der Zeitpunkt, zu dem man das Fahrzeug überführt oder hier in Valencia kauft (wenn man den Wagen mit deutschem Kennzeichen von jemandem kauft)
  • Irgendwo (das Formular wurde aber anscheinend wieder geändert seit ich das gemacht habe) muss man die "Caballos Valor Fiscales", direkt übersetzt so in etwa "Fiskalische Pferdestärken", eintragen. Ein Fiat Panda 1.1 Active mit 54 PS hat z. B. 9.34 CVPs.
  • Aufgrund dessen wird dann die Steuer berechnet - bei mir hat das das Formular selbst gemacht. Wenn das nicht klappt, es gibt eine Liste in dem Dokument "Ayuda" (siehe obiger Link) nach der man abhängig vom Fahrzeugtyp und vom Trimester in dem man das Fahrzeug zulassen will die Steuer ablesen kann.