Evil Flash Cookies

For a long time now we’ve been aware of browser cookies. These are little bits of data that a Web developer can set on your computer to keep track of your visits, or which ads you’ve seen, and things like that. Cookies are regulated by your browser and you can set up rules to reduce the amount that other people learn about your habits.

Way back in the day the makers of Flash realized that it would be handy to store little bits of information on the user’s computer as well. They developed LSO’s, otherwise known as Flash Cookies, to do that. This site uses an LSO so the banner animation doesn’t run every time you change pages. (See my rant about html.)

Advertisers and less benign sites also use LSO’s, and this has people worried. There are fewer restrictions on what LSO’s can do compared to cookies, and management of these little bits of information is not done through the browser. Many people out there in the Wild Wild World of the Web have said “There’s no way to manage them! aaaah! AAAAAAH!” in mildly hysterical voices, but that is simply not true.

So, just how worried should you be? If you do nothing to manage the cookies on your browser, then you probably don’t need to get too worked up about their somewhat-more-evil cousins. You’re already telling the trackers all they want to know. The potential for outright evil is higher with Flash LSO’s, but not that much.

Still, it’s a good idea to control who leaves what on your computer, and LSO’s are a good place to start. There are two complementary strategies – control what gets saved, and clean up after.

Control What Gets Saved

First, let’s look at how to keep most of the unwanted items from being saved in the first place. This is done by managing the settings of your Flash Player. You do this through a control panel on the Macromedia Web site. You can access this panel any time by right-clicking any Flash on your page (including the banner of this site) and choosing “Global Settings…”. This control panel is written in Flash and when you make changes it will save your settings to your computer – in an LSO file.

Let’s look at what’s already on your computer. Choose the Web Storage Settings panel:

The Web Storage Settings Panel

I cleaned everything out recently, but you can see that since then I’ve been to two places that put Flash cookies on my machine. Only muddledramblings.com is actually storing anything; www.kfox.com had stored something on my machine, but it has since been cleaned up. Even after you clean up a site’s cookies, Flash will remember you were there, and if you set special rules for that site, it will remember them, too.

So at this point the easiest thing to do is probably to make Flash forget everything and clear out all the cookies stored on your machine. If you’re curious you can go down the list and see what’s there. “Delete all sites” is probably your best bet, however.

Now your Flash Player has totally forgotten where you’ve been. It’s a good time to set rules for how Flash should behave when you encounter a new site. Click the “Global Storage” tab:

The Global Storage Settings Panel

Note: these settings will not affect sites that already have storage allocated.

There are two things you can do to limit who puts stuff on your computer. The first is to move the slider to 0 KB. This will force any flash animation to ask permission before storing something on your machine. If you check Never Ask Again, you have effectively turned off all Flash cookies from everywhere. That’s pretty drastic, and may break some of your favorite sites, though.

The second thing you can do is uncheck “Allow third-party blah blah blah”. That allows the Web site you’re visiting to store stuff, but no one else. For instance, let’s say that on this page I had advertising. This setting would allow only Flash from muddledramblings.com to save stuff, but an ad served from eviladvertisinggiant.com would not be allowed. Basically, only Flash that comes from the domain showing in your browser is allowed to store stuff. That way my site will still work correctly but others won’t be able to track you.

Note that in a few cases, Web sites put their own Flash stuff on different servers (there are good reasons for doing this), and this setting might break those sites. You can turn off the restriction temporarily and allow that site to run, then turn the restriction back on. There is no way that I know of to, say, set the “Allow third-party…” value for a particular site.

OK, now that you’re keeping most of the drek off your machine, it’s time to tackle the other prong in our battle for privacy: cleaning up unneeded LSO’s.

Periodic Cleanup

In general, benign LSO’s only need to save stuff while you’re on the site. When you go back, it’s not going to harm anything if previous data has been deleted. Any information they do store from session to session might just be snooping. For the most part, then, we can just empty out the stored data and never notice a thing.

What NOT to delete
There are two kinds of LSO’s – those set by the flash animation, and those set by the Flash Player to store information about a site. Deleting the second type can actually undermine your security if you’ve made special restrictions for specific sites using the control panel above. Also, for some few sites (pandora.com, in my case), you want Flash to remember your info between visits. As you decide on a cleanup strategy, keep that stuff in mind. There is one LSO used to store the settings you made from the control panel above, and I strongly recommend that you NOT delete it. Both the cleanup methods I mention below preserve that file by default.

Having said all that, don’t let the decisions stop you from moving forward. In the following techniques just using the defaults will work just fine for almost everyone.

BetterPrivacy
This is by far the best solution — If you use Firefox. Users of Firefox have access to BetterPrivacy, which provides lots of options for which LSO’s to clean up when, controlled from a pretty nice user interface. By default BetterPrivacy leaves the Flash Player preferences alone, but if you make different settings for specific Web sites, BetterPrivacy will delete those unless you tell it not to. If you do put special restrictions or grant special permissions to a site, be sure to protect the settings.sol file for that site.

If you keep your browser open pretty much all the time, you can set BetterPrivacy to clean up the LSO’s periodically.

I don’t use Firefox that much. What am I to do? A Web search will tell you there’s a Mac application called Flush, but don’t bother. As of this writing, it’s completely broken. I didn’t find a good solution for non-Firefox Mac users out there, so I made one. You don’t have to thank me, it’s what I do.

Jer’s LSO Cleanup script for Mac
First I set up a simple cron task that just deleted the folders where LSO’s live. That was too ham-fisted, however, since it also deleted beneficial LSO’s, as mentioned above. Then I wrote a little script. I used Python to write it simply because I’d never used Python before, and it seemed more appropriate than php. You are welcome to use the script as well, but there’s a little fiddling involved. Nothing major, but you’ll be using the terminal.

Right-click to download lsoclean.sh here.

OK, now for the fiddling:

  1. Download the file and put it somewhere that won’t clutter up your life. (I used /usr/local/bin/)
  2. (optional) Edit the file to choose your paranoia level and what sites you don’t want to clean up. The default leaves LSO’s from your own computer (for Flash developers) and from pandora.com
  3. Tell the OS that the file is actually a script that it can run. To do this open Terminal.app and type chmod +x /path/to/lsoclean.py. TIP: if you just type chmod +x (with a space after the “x”), then drag the file from wherever you put it into the terminal window, it will automatically fill in the path. Neat!
  4. (optional) The script can now be activated by typing the full path to the file in the terminal, but that’s not very convenient. Better to set up a way to have the thing run every so often. There are plenty of ways, like using AppleScript (ptui) or iCal (which would have been clever of me), but the simplest (if geekiest) is to set up a cron task. You can use CronniX to avoid editing the crontab file directly. Here’s what I did:
    1. Download CronniX here.
    2. Run it. It’s a little… incomplete. Start by clicking “New”
    3. Choose the “Simple” tab
    4. Check the boxes next to Month, Day of Month, Hour, and Day of Week. Leave Minute unchecked and set to 0.
    5. In the command field, put the full path to the script file. (You can copy it out of the terminal window where you dragged the file before.)
    6. Click Apply, then Save
    7. Quit CronniX

    You have now set up the task to execute the script once an hour.

  5. Test: Visit some sites that use flash, and look in ~/Library/Preferences/Macromedia/Flash Player/#SharedObjects/8JA5UY2L (the last bit is random) to see the .sol files.
  6. After an hour, go back and see that they are gone! Hooray!

The CronniX UI when everything is set to go.

That was quite a bit of fiddling for those not versed in the ways of cron, but now you can forget it ever happened. If you find yourself having to reenter information in a Flash-based Web site and it annoys you, add the domain for that site to the list in the script.

If anyone wants to take this little script and create a reduced-fiddling version with Automator or whatever, I’d love to provide that for download here.
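One way to do the selective cleanup this section describes, as an added example (it is not the lsoclean script offered for download above). The function names, the `<random>/<host>/...` folder layout and the `localhost` folder name for locally run Flash are assumptions; the sample tree is constructed.

```python
#!/usr/bin/env python3
"""Selective Flash LSO cleanup: added example, not the page's own script."""
import os
import tempfile
from pathlib import Path

# Folder named in step 5; inside it is one randomly named profile folder.
SHARED_OBJECTS = (Path.home() / "Library/Preferences/Macromedia"
                  / "Flash Player/#SharedObjects")

# Hosts whose LSOs survive. "localhost" as the folder used for locally run
# Flash is an assumption; look at your own tree before relying on it.
KEEP_HOSTS = ("localhost", "pandora.com")


def host_is_kept(host, keep_hosts=KEEP_HOSTS):
    """True for a kept domain or a real subdomain of one.

    Comparing on a leading dot stops "notpandora.com" from matching
    "pandora.com", which a bare endswith() would allow.
    """
    host = host.lower()
    return any(host == k or host.endswith("." + k) for k in keep_hosts)


def clean_lsos(root, keep_hosts=KEEP_HOSTS, dry_run=True):
    """Remove .sol files under root/<random>/<host>/..., with exceptions.

    Skips kept hosts, any file named settings.sol, and symlinks. Returns
    the sorted paths removed (or that would be, when dry_run is True).
    """
    root = Path(root)
    removed = []
    # Bottom-up so emptied folders can be pruned; os.walk does not descend
    # into symlinked directories.
    for dirpath, _dirs, files in os.walk(root, topdown=False):
        rel = Path(dirpath).relative_to(root).parts
        if len(rel) < 2 or host_is_kept(rel[1], keep_hosts):
            continue  # root, the profile folder, or a kept host
        for name in files:
            path = Path(dirpath) / name
            if (not name.endswith(".sol") or name == "settings.sol"
                    or path.is_symlink()):
                continue
            removed.append(path)
            if not dry_run:
                path.unlink()
        # An empty host folder still shows the site was visited.
        if not dry_run and not os.listdir(dirpath):
            os.rmdir(dirpath)
    return sorted(removed)


def build_sample_tree(base):
    """Create a constructed #SharedObjects tree for trying the cleaner."""
    root = Path(base) / "#SharedObjects"
    for rel in ("8JA5UY2L/www.kfox.com/player.swf/prefs.sol",
                "8JA5UY2L/eviladvertisinggiant.com/ad.sol",
                "8JA5UY2L/notpandora.com/track.sol",
                "8JA5UY2L/www.pandora.com/radio.sol",
                "8JA5UY2L/localhost/dev/test.sol",
                "8JA5UY2L/muddledramblings.com/settings.sol"):
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"constructed sample, not a real LSO")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        sample = build_sample_tree(tmp)
        for p in clean_lsos(sample, dry_run=True):
            print("would remove", p.relative_to(sample))
    # Real run: clean_lsos(SHARED_OBJECTS, dry_run=False)
```

Run as-is it only lists what it would remove from the constructed tree; pointing `clean_lsos` at `SHARED_OBJECTS` with `dry_run=False` is the call an hourly cron entry would make.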

Conclusion

You’ve just struck a blow against invasive advertisers! Hooray! Now the ads you see will be less focussed on what you are interested in. That’s OK, because it’s nobody’s damn business what you’re interested in. Now you can carry on with your life like none of this ever happened.

AiA – White Shadow: Episode 13

Our story so far: Allison is an American high-school student who has transferred to a private prep school in Japan. From the very start things have been surreal; she has transferred to the Japan of anime, where the incomprehensible is normal and transfer students mean widespread destruction.

She finally managed to make some friends but now they have been captured and taken to The Institute. The Institute is either fighting a deadly computer virus that can infect people, or it started the virus, or maybe the Institute doesn’t really know what it’s up to either. All Allison knows is that she has to rescue her friends from the Institute and defeat the virus. Apparently she’s the only one who can. It seems that Allison’s past may be catching up with her…

If you would like to read from the beginning, the entire story is here.

Kaneda couldn’t shake the feeling of deja vu. It had started the moment he walked into the disco with Allison and the others. Only… Allison hadn’t been with them. Yet still he remembered her next to him as they walked past the police cordon, remembered her touching his arm as they went through the door. But she hadn’t been there. He remembered that clearly, as well.

Now it was as if he sat in two pitch-black cells simultaneously, sitting on two cold stone benches, chained to two stone walls, with two headaches threatening to split his cranium in two (or four?). Even the absolute silence echoed twice in his mind. Must be from the concussion, he thought. Seiji was sitting on a bench opposite him.

How did he know that?

“Seiji?” he asked quietly.

“Is that you, Kaneda?” Seiji’s voice echoed double.

“Yeah. Where are we?”

“You really have to ask.”

Kaneda closed his eyes, tried to fight back the pain in his head. Opened them again to admit no light. “I didn’t think the Institute would be so… dungeony,” he said.

“I know.”

“I expected to end up floating in a glass cylinder filled with greenish liquid, or something like that.”

“Well, there’s still time.”

“Yes, there is. Time for the room with no doors.”

“The room with no doors? What the heck is that?”

Kaneda tried to concentrate. “I don’t know.”

“Then shut up about it already.”

They lapsed into silence. It might have been an hour, might have been five minutes in that unchanging place when Kaneda finally said, “She’s coming. Allison is.”

“Quiet, you fool!” Seiji grated out through clenched teeth. “They’re probably listening.”

An idea began to take root in Kaneda’s tortured brain. “They already know,” he said. “They know all about her.”

“You can’t be sure,” Seiji said.

“They must know. They know about her arm that turns into a plasma cannon, certainly.”

“Her… wha?” asked Seiji.

“And they must know about her ability to fly.”

Kaneda thought he could hear Seiji smile in the blackness. Seiji kept his voice serious as he said, “I think you’re right. I think they even know about the… uh… kittens.”

“No!”

“Yes. Her only weakness. When they were marching us in here, it was confusing of course, but I think some of the guards had kitten launchers.”

“Then we are doomed,” Kaneda said.

“Damn!” Allison muttered over her keyboard. She had to find a way to get her friends out of the Institute, but there was no way she was going to win by trying to force her way in. The idea was stupid on the face of it. No, she would have to use her best skill. She had to get into the Institute’s mainframe and learn as much as she could. Maybe she could alter their files and mark her friends for release. Maybe she could learn enough to go to the police. There was nothing she couldn’t hack if she put her mind to it.

Outside, distant thunder rumbled. The wind was picking up, shaking the trees and sending leaves flying. Barometric pressure was plummeting. She could feel it in her bones. She turned back to her work.

She ran another probe, through a series of proxies. It was blocked almost instantly. “Damn and double-damn!” she cried out. Her bag of tricks was running empty.

“Is everything all right, dear?” her aunt called up the stairs.

“Oh, uh… everything’s fine,” she said. “Just practicing my Japanese homework.”

“Well! I’m sure I don’t know what they are teaching you kids these days. Would you like some tea?”

“No, thank you,” said Allison. She turned back to her laptop.

You know what you need. The voice in her head might even have been her own.

She stopped typing. “I can do this by myself.”

Can you? They know every trick you’ve ever used. They’ve studied you.

“Who are they?”

The Institute. The directors. All the people there. Your friends. They are all one in the Room with no Doors.

“What do you know about my friends?”

More than you ever will. Their hopes, their dreams, their loves, their hates. Their past. The voice paused for a second, then said, Their future.

Allison’s laptop screen had changed to show a shifting pattern of light. She hadn’t even noticed. “It’s my fault they’re in there,” she said. The lights gained intensity, threatened to resolve into one image, then another, but fading before she could make it out. Noises came from the speakers, music and noise and animal sounds, human speech just beyond hearing.

All of this is your fault. I am your fault. And you are my fault.

The color was all around her now, the sounds and even smells became her world. “I have to save them,” she said. “Even if it means…”

You must complete me, White Shadow whispered. And I must complete you.

“Yes,” said Allison. She would die, but her friends would be free. She began to pull up the files for her anti-White Shadow virus. They floated in the air around her, pure abstract symbols. She gasped. Able to see the code this way, able to sense the motion of every bit, the software became a world. She could complete the virus in only a few hours, she thought.

You should probably know that there are five armed men about to burst through your front door.

Hitomi was not surprised when the speaker at the front of the classroom buzzed to life. This was the sort of day when schools exploded.

“Attention students,” the announcer said. The teacher slowly stopped droning whatever lesson he had been on. “This is an emergency announcement. Repeat: This is an emergency announcement.” Whoever was reading the announcement cleared his throat. “Government Scientists have discovered a virulent plague that has already swept through Hokkaido, resulting in massive deaths. The disease moves very quickly and is spread through contact with… kittens, it says here. Kittens.

“In cooperation with the government the Biological Computation Institute has agreed to gather and quarantine all kittens until the crisis is past. Please take all kittens immediately to the closest kitten-gathering station. All kittens will be returned after the crisis is past. Kittens not submitted to quarantine will be destroyed. Students with kittens are excused from class for the rest of the day. That is all.”

A murmur rose in the room as students exchanged confused looks. Kano let out a wail. “My babies!” she cried. “They are just six weeks old!” She fled the room, flanked by her sycophants.

Hitomi scowled. Kano had borne kittens? Most irregular. She stood and adjusted the sword at her side. Surely there was a battle looming. If she could understand how the kittens figured in, she might even survive.

Appreciating Fonts

The look of this blog when viewed on a Windows machine has always subtly annoyed me. I’ve been using the default font setup for WordPress, which uses Lucida Grande first, and if that is not available it uses Verdana. Verdana to me looks, I don’t know, thin or stretched or something. Loose. Unfortunately most Windows boxes don’t come with Lucida Grande, so Verdana is what most people experience. Today I decided to do something about it.

It’s possible now to tell a browser to load a font from the Web when displaying a particular page. I could quite easily put @font-face directives in my files, load copies of Lucida Grande onto the server, and I’d be done (except for Internet Explorer, and those people can get by with Verdana). Unfortunately, although technically pretty simple, that course of action would not be legal.

There’s a font on Windows called Lucida Sans Unicode (or something like that) which is very similar to Lucida, but is not nearly as good for italics and bold face. This will be my fall-back solution.

For a while today, however, I thought I might go look for a new font, something that caught the spirit of this blog, yet was easy to read on a screen and had a nice ink density. On top of that, it had to be free or at least reasonably priced, and it had to include good italic and bold versions, and it had to include the wacky Czech diacriticals for those few episodes where I use them, plus the full range of punctuation including a variety of dashes, copyright symbols, and stuff like that.

I came up empty. Making a good font is not at all simple, and the people who make the great ones quite understandably want to be paid for their work. If I found one that measured up to Lucida Grande in usefulness and that would give this site a unique feel, I might be tempted to pony up.

The closest thing I could find was a font called Liberation, which is a favorite in the Linux world. At this writing, those without Lucida Grande will see that font (unless you’re using Internet Explorer). It’s OK, but the text is actually a little smaller for the same font size. That certainly is annoying. I haven’t looked at the text on enough different screens to know for sure, but I think right now the lettering is too small.

How’s it looking for you, my Windows-using readers? Do you have any favorite fonts? I think with screen resolutions improving, it’s even possible to consider a serifed font these days.

Novel: A Novel

According to the back cover of the book, George Singleton is a ‘master of the comic short story’. He has been published in some pretty impressive places, and I like humorous prose, so despite some rather negative things my sweetie said about the book, I secretly held hopes that her negative experience was more an issue with Singleton’s style and that I would enjoy the ride.

Novel is written in the first person, narrated by a man named Novel who spends a significant chunk of the story trying to write a novel. Because of a divorce surrounded by an odd series of events, he finds himself in the backwater South Carolina town of Gruel. Gruel is populated by an odd assortment of characters, but it is a dying town. The locals are convinced that Novel’s novel will put them on the map, and rekindle the economy of the town.

The book is written in a rambling, meandering style that took me along with it. Believe me, I know rambling. The opening two-thirds of the book is about our narrator bumbling along, becoming increasingly paranoid, and telling and retelling his history — which changes, evolving in a very interesting way. There’s a lot of foreshadowing in the opening 75%, which is to say we haven’t really got to the plot yet.

Mr. Singleton’s humor shows through, as do his short-story leanings. In a short story he wouldn’t have had time to beat some of the jokes into the ground with such force. (For instance, his adoptive older siblings are named James and Joyce, and “James, Joyce, Novel” is worked pretty hard.) Other parts seem like they’re in there to set up some sort of comic payoff, but never come through.

One of the jokes Singleton beats on quite often is “Books about writing novels say never to do…” and then in the next sentence he breaks that rule. He breaks a lot of rules in this book, and seems to think that pointing out that he knows he is breaking the rule makes it all right. Usually what he accomplishes is to demonstrate by counterexample that the rules exist for a reason. Rules are made to be broken, but not just so you can point at the rule like a proud three-year-old who just broke a vase.

The town has secrets, lots of secrets. As we learn more about the people of Gruel, we discover that they are not the simple, naïve country bumpkins we first thought. Oh, no, not at all. That’s pretty cool. But wait — under a veneer of obtuseness, their plan for Novel is woefully simple-minded. How do these savvy people ever buy into it? The contradiction is never resolved; in fact, Singleton is caught in his own trap. All the characters he introduces are against the grand scheme for Novel. He can’t show us any of the people who think the plot is a good idea, because they would betray the inherent contradiction.

At the end, lots of things happen. Everything comes to a head, people are coming out of nowhere (James and Joyce? But why?), and our boy Novel is in the thick of it. Then a Huge Coincidence occurs, and everyone shrugs and goes home again, nothing changed, nothing resolved, and a lot unexplained; humor pistols loaded in the first act lie undischarged in the third.

The book grinds to a stop, leaving a big pile of unresolved events that we had passed, that I assumed would have some sort of significance. Just why the hell did the owner of the surplus store want Novel to find the knives buried behind the hotel? As I closed the book, I felt like there was some big explanation I’d missed (notwithstanding the big explanation that was provided). I suspect it never left the author’s head and found its way to the page.

I mentioned in a previous review that just because an author is writing a farce doesn’t mean he can just throw out a new coincidence whenever he loses momentum; everything still has to hang together and make sense in that farcical context. I don’t think Mr. Singleton has learned that lesson yet.

Note: if you use the above link to buy this book (or a Kindle, or a new car), I get a kickback.

Things on the Internet that are Totally Cool

I’ve come across a couple of things on the Internet lately that are, well, totally cool. Neither of these things is particularly new, but they are particularly awesome.

DropBox
I found DropBox through my brother; we used it to share audio files for Moonlight Sonata across nine time zones. He would put updates in his folder, and they would appear in mine shortly thereafter. Not bad, but only the beginning.

All my writing is backed up on multiple machines, and on a server somewhere ‘out there’. No matter what computer I sit down to, the latest versions of all my stories are there. Effort required: none. I work on a story, save, and it automagically is updated everywhere else. The scenarios in which I lose work are extreme and hard to imagine. New files? No problem, as long as I save them in my DropBox folder.

For the security-minded, DropBox encrypts all the data they store, so you’re safe from hackers getting your stuff. The DropBox people have the key to the encryption, however, so you are not safe from subpoenas and warrantless government searches (which are common). Fortunately there is nothing stopping you from using your own encryption on the files first, and you will be the only one holding the key. I’m looking for the perfectly transparent, free, multiple-computer solution for this; when I find it I’ll let you know. Currently I manually encrypt sensitive files.

Edited to add: On the Mac, it is quite simple to create a strongly-encrypted disk image. If you use Disk Utility to create a sparse image that’s less than 2GB and put that into your DropBox folder, then you can mount that image and save all your sensitive stuff in there. Works like a charm. I made my image 663 MB, and used AES-256 encryption (stronger is better, I figure).

DropBox is free for a limited amount of storage (2 GB), which is plenty for important text documents; for a small fee your limit can be increased to 50 GB. So far there are no products this simple and slick that you can install on your own server (so you can store as much as you want and control your own security), but that is only a matter of time, I suspect.

Pandora
People have been telling me about Pandora for a long time (in Internet years), but I’ve only recently started using it. It’s sweet! For those even farther under the rock than I am, Pandora is an Internet radio service that decides which song to play for you based on how you’ve responded to the previous songs. You can maintain multiple “stations” that have different kinds of music, based on what you’re up to at the moment or what mood you’re in. Currently I’m listening to a station called “Nirvana”. I chose a band and Pandora took it from there. I rejected a couple of tunes, gave a hearty thumbs-up to others, and off I go.

I’m a little disappointed that there isn’t much music in this list that I’ve never heard before. It seems like this should be a service ideal for helping me discover new bands, but it’s not quite there yet. Pandora seems a little too hit-oriented for my taste, but I’m hoping that over time, if I take the time to give a thumbs-up to stronger but more obscure music, I can deepen the pool of tunes Pandora draws from.

Sure I have a big heapin’ pile of music on my hard drive, and I still use it regularly (in part because Pandora has such a popular leaning), but using Pandora is way easier than sorting all my music into thematic and stylistic playlists that provide variety without straying too far from the stuff I’m in the mood for.

Mac note: The Mac’s ability to turn any part of any Web page into a dashboard widget worked awesomely with Pandora’s player.

Something Else
This article feels like it really should have a third item, but at the moment I can’t come up with one. Sure, there are the Internet game-changers like email and Google, but those are hardly news anymore. What would you put in this spot?

Need a Curse Word from the Past

Let’s say it’s 1890 or so (plenty of wiggle room). You’re a young man from a wealthy family, but you’ve been disowned. Good schools, but since then you’ve run with a pretty coarse crowd. Now you are under extreme duress at the hands of some guy who is totally beneath you.

“You ______!” you cry out in anger and frustration. If there were ladies present they would drop their porcelain teacups and faint dead away. Men would take umbrage, while servants scurried about hoping not to be noticed.

Please help me fill in the blank. If there’s a particularly choice word from an earlier time, that’s fine, too. 1900 is about the latest, but even as early as 1700 would be cool.

Thanks!

After the Shoot

Did a photo shoot with Cricket LaFaux last night. At some point I’ll show you some of the pics. Here’s the living room at the end of the evening.

The aftermath of a photo shoot with Cricket LaFaux
