Ant Existentialism

I got bored yesterday and whipped up some cartoons for a friend. Thought I would share them today. The friend likes ants, hence the ant theme. We were also arguing about whether or not ants “think” which is why the first one seems a little, particular. Hopefully they make you chuckle. Click each comic for the full size.

While My Students Take Exams…

…I sit and work on my computer. The KASNEB invigilators (Kenyan English for ‘proctors’), are watching my students while they take their exams, so I don’t really have anything to do. But they want me here. So I am just working away at my personal website and thought it would be hilarious to whip up a favicon. I present, The Jon Monster!!

Black Hawks and Black Storks: Misadventures With Animals

Last Thursday, there were some odd happenings going on here at NYS Mombasa.  I woke up to the sounds of Black Hawk helicopters running laps around my base.  It was weird, especially considering, according to public information, the Kenyan Armed Forces do not possess any Black Hawks.  I am pretty sure I got their profile matched correctly, and they looked like Black Hawks. Continue reading →

Google Docs Has A Big Gaping Security Hole

One of my final projects here as a Peace Corps volunteer in Kenya has been to implement a temporary information sharing platform for volunteers while we wait for a more permanent solution from the angels on high. Due to its speed, stability and bevy of features, we have decided to use the popular collaboration tool Google Docs. I have used it personally, but never on the scale of a Peace Corps program (around 150 users).

This morning, I was reverse engineering the invitation-based security model of Docs with a ICT RPCV friend of mine (whom I thank profusely for his patience), when I noticed a big, gaping, security hole: no matter what email address the invitation is sent to, if there is any Google account active in your browser’s session, then when you click the invitation link, it will link the Docs account to the active Google account, whether you authorize it or not.

This is great if you are clicking the link from a Google account. It just authorizes the account that the email was sent to in the first place. Works like a champ. But what if you use a Yahoo account or non-Google email…

The security concern scenario: A Peace Corps Volunteer (PCV) is sitting in a cyber cafe. The person at the computer before the volunteer forgets to log out of his Google account. The PCV subsequently gets on the computer and checks his Yahoo account, clicking the Google Docs invitation link. That’s all it takes. The owner of the logged-in Google account now has access to the Google Docs.

It’s not a particularly malicious hole. All it takes is for the admin of the Google Docs share to de-authorize the illegitimate Google account, but at the same time, no warning flags would be raised until the illegitimate account attempted to upload a file, which would subsequently be attributed to his Gmail account, and hopefully, catch someone’s eye. In the meantime, the illegitimate account has full access to the share and its information.

A solution to this would be a simple authorization confirmation step, where a dialog is brought up ensuring that, in fact, the user does want to link the currently logged-in Google account to the Docs application. Sadly, I don’t feel like this is really a large issue for Google because how frequently does a situation like this, where we have multiple users running on the same browser session, occur in the West?

N.B. I never ran a check to see if someone else has already discussed this topic, so sorry if this is a repeat.

Ubuntu: A New Style of Linux

I know just yesterday I wrote that I would not be updating my blog for a bit, but with two recent announcements in the Ubuntu-sphere, I felt obligated to chime in with my own two cents. For those who haven’t heard the news, Ubuntu last week announced that it would be shipping version 11.04 with its Unity interface, dropping the traditional GNOME shell that it has used for… ever.

Continue reading →

Gone Fishin’

Image says it all peeps. Life has been really busy these past few weeks. My students have received textbooks for their computer courses, and though each doesn’t have their own set (far too expensive), they have been working hard at absorbing through text everything I have taught them over the past year. They have their national examinations for their first year certification in December. Needless to say, they are a little stressed.

On top of that, I was recalled to Nairobi for Close of Service (COS) medical examinations this past week and next week I will be hosting the ICT session for the new Peace Corps trainees at both training sites. That’s right, our program has grown, and we now train in both Loitokitok and Machakos. I have never been to Machakos, so it will be nice to see a new town. As always, it will also be good to go “home” to Loitokitok, even if only for a couple nights.

In the meantime, I find myself in the village Mitheru, just outside the town of Chuka. I am here helping a volunteer out with some resource creation, as well as using the abundant electricity and lack of distractions to get a lot of other little projects done for various people: a logo here, some consultation there, and some programming to finish it off. Busy indeed. So please, bear with me and my dearth of blog posts, as I have “gone fishin.'”