I haven't gotten much of value done today. I've been to distracted by a webcomic I ran across via boingboing. It's called xkcd. That link is to one of my favorites so far, but there are a lot of them, a lot of them based on very arcane references, and many of them are way funny. A quick warning that there is some adult language and references also.. and make sure you check out the alt-texts.
Started on my security lockdown and had several moments of very happy surprise. My first stop was the desk of the woman I talked about last post and it turns out that she is not only running regular Spybot and AdAware scans, but she keeps her definitions updated as well. Well done, Katy.
When size matters; or, Is vectoring really an option?
It seems to me that webmastering and using Photoshop go hand in hand. Not that I'm a P/S guru by ANY stretch of the imagination, but if I had a nickel for every time I've had to recreate an image, or change the color of an image's background, or do something silly like that... The problem is that I'm really not very knowledgeable about P/S. I never learned how to put celebrity heads on other people's bodies, or to adjust the shadows on a UFO to match the ambient light, so when I have to do something in P/S I wind up spending hours, and not getting what I want really anyway. I remember when I discovered how to select by color range... that was a good day! Anyway, that wasn't the issue today; today it was a size thing.
The office staff have been trying to get some new business cards ordered for as long as I've been here, and it never seems to happen mostly because of the logo. There are a couple of them floating around, and none of them look very good, they're all size or color adjusted versions of what looks like an image scanned from a piece of letterhead. So today our bookeeper/payroll/do-everything-that-no-one-else-wants-to-do expert comes in after having been rebuffed by the printer because she doesn't have the logo in the right format. We looked over the available jpeg files and both agreed that none of them would do, and we tried scanning a copy from an existing business card, and I demonstrated why that wouldn't work, so it was up to us to recreate one using the few tools we had. Fortunately there was a good semblance of one in a word doc, so we at least had something to play with. After poking at it for longer than I should have I passed it back to her, and before long she had it looking pretty good. We pulled it up on my screen, I zoomed in on it, did a screen shot, pasted it into P/S, cropped it down, made the background clear, and voila, we had a pretty good looking logo... except that it was about 12 inches wide... :-P
I tried resizing down to the 3.06 inches wide that would be ideal for the business card, but the fine text was illegible, the edges fuzzy and the font-face pixelated as hell. She called the print shop to see if they could resize it and got the standard answer, "Sure! As long as it's a vectorized graphic!" I really don't know who actually makes vectorized graphics, but I wish they would stop so that all the printing houses would be forced to join us back here on planet earth...
So, I tried zooming back out and going through the copy/paste/crop process again, but before I could get anywhere near small enough the image was already pixelated and unreadable. I tried different file formats (EPS, TIFF, PSD, et al) but no luck... I was about to give up in despair, when I noticed a little option in the image size dialog box called "resample image". I unchecked it, changed the width of the image, and lo and behold, instead decreasing the total pixel count to adjust the image it instead changed the pixel density, so the image was exactly as sharp and clear, just much smaller. I was then able to save the image off in several other formats, getting the size of image I wanted and sacrificing none of the quality, well, maybe not none... but none noticeable. I was very pleased, especially because this solves one of the great P/S mysteries of all time, well at least, to my mind.
The office staff have been trying to get some new business cards ordered for as long as I've been here, and it never seems to happen mostly because of the logo. There are a couple of them floating around, and none of them look very good, they're all size or color adjusted versions of what looks like an image scanned from a piece of letterhead. So today our bookeeper/payroll/do-everything-that-no-one-else-wants-to-do expert comes in after having been rebuffed by the printer because she doesn't have the logo in the right format. We looked over the available jpeg files and both agreed that none of them would do, and we tried scanning a copy from an existing business card, and I demonstrated why that wouldn't work, so it was up to us to recreate one using the few tools we had. Fortunately there was a good semblance of one in a word doc, so we at least had something to play with. After poking at it for longer than I should have I passed it back to her, and before long she had it looking pretty good. We pulled it up on my screen, I zoomed in on it, did a screen shot, pasted it into P/S, cropped it down, made the background clear, and voila, we had a pretty good looking logo... except that it was about 12 inches wide... :-P
I tried resizing down to the 3.06 inches wide that would be ideal for the business card, but the fine text was illegible, the edges fuzzy and the font-face pixelated as hell. She called the print shop to see if they could resize it and got the standard answer, "Sure! As long as it's a vectorized graphic!" I really don't know who actually makes vectorized graphics, but I wish they would stop so that all the printing houses would be forced to join us back here on planet earth...
So, I tried zooming back out and going through the copy/paste/crop process again, but before I could get anywhere near small enough the image was already pixelated and unreadable. I tried different file formats (EPS, TIFF, PSD, et al) but no luck... I was about to give up in despair, when I noticed a little option in the image size dialog box called "resample image". I unchecked it, changed the width of the image, and lo and behold, instead decreasing the total pixel count to adjust the image it instead changed the pixel density, so the image was exactly as sharp and clear, just much smaller. I was then able to save the image off in several other formats, getting the size of image I wanted and sacrificing none of the quality, well, maybe not none... but none noticeable. I was very pleased, especially because this solves one of the great P/S mysteries of all time, well at least, to my mind.
Security blankets...
I've been busily trying to catch up on a year's worth of the Security Now! podcast. If you haven't heard of it you should really (REALLY!!) check it out. Twit Networks - Security Now! I've been a fan of Steve Gibson for some time, so I've really been enjoying listening to extended conversations with him talking about how, for instance, the network stack works, or buffer overruns happen, and, consequently, how malicious code manages to take advantage of the cracks in the system. It's also sobering to learn that the pieces we take for granted really are very insecure.
As an example, despite Steve's constant mantra that we should turn ALL scripting off for ALL sites other than those we specifically white-list, I've been refusing to see the light on this one. That may be at least partially because I've moved almost exclusively to Firefox, where, natively, Javascript is either on or off, there is no trusted vs. untrusted site distinction, (although that is fixed by Giorgio Maone's extension called NoScript). But it is also just because it wasn't clear to me that scripting really posed that much of a danger. My machine is patched, I run a good anti-virus, and two good anti-spy/malware programs, all of which I keep updated and scan with regularly. What dangers could scripting really pose?
Well, check out this article from SPIDYNAMICS on Detecting, Analyzing, and Exploiting Intranet Applications using JavaScript. If the proposal that client-side scripting can "turn on wireless networking and turn off all encryption" doesn't send chills down your spine, then perhaps the idea that malicious javascript can essentially port-scan your local network and often fingerprint the services available on it discriminating, for instance, between an Apache and an IIS web server! This can all be done dynamically, and even if exploits can't be instigated at that time the data collected can be sent back to a repository where it could easily be analyzed for later exploit.
So today I'm working on education to go along with the implementation of a whitelisting policy for allowing scripting. I'm sure the troops will all grumble...
For more on how to implement browser security check out Security Now! Episode #38. Also check out Episode #45 on the HOSTS file and why you want to use a pre-populated HOSTS file (like Spybot S&D's) to help avoid malware.
If you're using XP with SP2, according to Wikipedia's article on the HOSTS file you have to disable the DNS Client service in order for the system to use the HOSTS file. According to an MVPS.org article on blocking parasites using the HOSTS file the problem only occurs when the HOSTS file is in excess of 135Kb (theirs is 493Kb!!).
If you haven't been listening to Security Now!, you're only about a year behind so go listen to them all, preferably in order, you'll learn a lot.
As an example, despite Steve's constant mantra that we should turn ALL scripting off for ALL sites other than those we specifically white-list, I've been refusing to see the light on this one. That may be at least partially because I've moved almost exclusively to Firefox, where, natively, Javascript is either on or off, there is no trusted vs. untrusted site distinction, (although that is fixed by Giorgio Maone's extension called NoScript). But it is also just because it wasn't clear to me that scripting really posed that much of a danger. My machine is patched, I run a good anti-virus, and two good anti-spy/malware programs, all of which I keep updated and scan with regularly. What dangers could scripting really pose?
Well, check out this article from SPIDYNAMICS on Detecting, Analyzing, and Exploiting Intranet Applications using JavaScript. If the proposal that client-side scripting can "turn on wireless networking and turn off all encryption" doesn't send chills down your spine, then perhaps the idea that malicious javascript can essentially port-scan your local network and often fingerprint the services available on it discriminating, for instance, between an Apache and an IIS web server! This can all be done dynamically, and even if exploits can't be instigated at that time the data collected can be sent back to a repository where it could easily be analyzed for later exploit.
So today I'm working on education to go along with the implementation of a whitelisting policy for allowing scripting. I'm sure the troops will all grumble...
For more on how to implement browser security check out Security Now! Episode #38. Also check out Episode #45 on the HOSTS file and why you want to use a pre-populated HOSTS file (like Spybot S&D's) to help avoid malware.
If you're using XP with SP2, according to Wikipedia's article on the HOSTS file you have to disable the DNS Client service in order for the system to use the HOSTS file. According to an MVPS.org article on blocking parasites using the HOSTS file the problem only occurs when the HOSTS file is in excess of 135Kb (theirs is 493Kb!!).
If you haven't been listening to Security Now!, you're only about a year behind so go listen to them all, preferably in order, you'll learn a lot.
Subscribe to:
Posts (Atom)
