Wikipedia:Reference desk/Archives/Computing/2011 September 30

Computing desk
< September 29	<< Aug | September | Oct >>	October 1 >

Welcome to the Wikipedia Computing Reference Desk Archives
The page you are currently viewing is an archive page. While you can leave answers for any questions shown below, please ask new questions on one of the current reference desk pages.

September 30

How do I edit a template?

I tired to edit the template on mass murderers [1], following an RFC [2]. It ruined the Kip Kinkel article. What am I doing wrong? Noloop (talk) 02:26, 30 September 2011 (UTC)

If you ask this question on Wikipedia:Help desk you may get a better response; that's the place for asking questions about how to edit Wikipedia. --Colapeninsula (talk) 10:21, 30 September 2011 (UTC)

You messed up the }} for the end of the #if. Graeme Bartlett (talk) 12:14, 30 September 2011 (UTC)

multiple user e-mail account

Hello. I need to find a web-based e-mail service that allows multiple people on different computers to access a single account. My personal account is on gmail, but its terms of use say that multiple users accessing from different locations is not allowed. What I need is an account that allows four or five people in widely diverse locations to send and receive at the same address. Any recommendations? Thank you. — Michael J 12:54, 30 September 2011 (UTC)

Isn't delegation the answer? You set up the account you want to use - then delegate it to the four or five people? --Cameron Scott (talk) 13:51, 30 September 2011 (UTC)

That works only if everyone who needs to access the account uses gmail for their own account, which is not the case. It doesn't have to be gmail; we just need to have an e-mail address that a small group of people can access, not just an individual. No one of us will have priority over the others. — Michael J 07:06, 1 October 2011 (UTC)

I'm not sure how you'd do that - it's a receipt for disaster anyway for various legal reasons. --Cameron Scott (talk) 10:30, 1 October 2011 (UTC)

OK, thank you. I guess if it can't be done, it can't be done. (But Mr. Scott, I don't quite follow why you believe it would be dangerous.) — Michael J 17:19, 1 October 2011 (UTC)

Wall St. Tickers

Have any of the computers which control the displays of the ticker symbols and numbers at the big exchanges like the NYSE or the NASDAQ, the displays that the significant traders pay attention to and make decisions off of, ever been hacked or displayed wrong numbers at any time? 20.137.18.50 (talk) 14:45, 30 September 2011 (UTC)

Traders do not care what the stock-price says on any ticker. Traders pay attention to bids and call from other registered brokers. The ticker is sort of a time-averaged history or weighted moving average of recent executions weighted by volume. At any given instant, any trader may bid or offer at any price they like. Whether they make a sale at that price depends only on two factors: whether another broker has made a corresponding bid or offer at that price, and the precedence rules that the stock exchange sets for bid/offer exchange.

A more realistic question is: "has any broker ever executed a trade that they wished they had not, due to computer error (including unauthorized access)?" The answer is, "probably every five minutes." Nimur (talk) 17:56, 30 September 2011 (UTC)

Relatedly, wasn't there a case about a year ago (maybe less) of a reasonably large stock market dip being caused (or alleged to be caused) by a computer error? --Mr.98 (talk) 18:00, 30 September 2011 (UTC)

There was something early this year with the London Stock Exchange when they migrated to Linux [3] [4] [5] [6]. I don't know how big of an issue it was, though — frankie (talk) 18:23, 30 September 2011 (UTC)

Flash crash is probably what you are thinking of. Dragons flight (talk) 18:27, 30 September 2011 (UTC)

Yes, that must be it. I didn't know it had been given a rhyming name already. :-) --Mr.98 (talk) 14:31, 1 October 2011 (UTC)

Privacy and Encryption

Being a bit more than paranoid about privacy (in the context of digital security), I find myself annoyed when I have to send some private data over the internet. Let's say I have to send a couple of pictures or some excel sheet with personal financial data to a friend. I can attach them to an email or (if the file is rather large like 1GB) use a service like yousendit. What irks me is that anyone and everyone that info is going to pass through electronically, will keep a copy of the data. And it will lurk around and it will stay there for years...perhaps forever. Google will archive it and someone can see it twenty years later (rather easily I think). To turn the data into meaningless stream of bits, encryption is the obvious answer. Unfortunately the people I am communicating with are not too computer savvy (and not nearly as paranoid about security as I am) so I can't trust them to implement a protocol properly. My question is, is there some sort of a software which can just encrypt any kind of data with something strong like AES-256 but make the output file into an executable (recipients are using windows) so that the decryption algorithm is included with the file. The recipient just downloads the file (a single executable), double-clicks it, types in the key, and voila the pictures are dumped in the folder. I know about winrar but it doesn't really give you a choice of algorithms/strengths to use. In fact I don't even know what algorithm it uses (does anyone know) but it definitely does have the advantage of splitting up the file into smaller chunks. It is also proprietary and just like how the experts have drilled into my head, I try very hard to stay from these proprietary black boxes (no real cryptographer believes in security by obscurity). Its probably super weak and for all I know (remember I am paranoid) there's probably a back-door built into it leaking info to winrar and/or the NSA. I would prefer something small, simple, possibly free and open source. Seems like something like this should already be out there and I will trust open source a bit more (thinking more people would have looked at it so its much harder to build a trap in it). Seems like something easy too. Just something a notch below from writing my own software. I would write my own software but lack the computer science knowledge and the expertise in cryptography to write a safe secure efficient implementation. Something which gives you a choice of algorithms and key strength would be absolutely ideal. Thanks you.128.138.138.122 (talk) 22:02, 30 September 2011 (UTC)

This is not as simple as you want for your non-computer-geek friends, but I would educate them about TrueCrypt and use that. Or WinRAR, where this page says it uses AES encryption with a 128-bit key. Comet Tuttle (talk) 22:25, 30 September 2011 (UTC)

7zip supports AES-256. I don't know about self-extracting exes but it's very easy to install the program in a few seconds, open the encrypted file, enter password, and extract. TrueCrypt is more advanced and designed for strong encryption. It creates virtual encrypted drives with a lot of options for cryptographic algorithms. Both programs are free and open source. AvrillirvA (talk) 22:31, 30 September 2011 (UTC)

If the recipient doesn't use 7-Zip or WinRAR but does use WinZip, you can send an AES-encrypted ZIP. You need to be careful here because there's an older, insecure ZIP encryption standard (not AES-based) that some open-source tools will use if you request "encryption", without so much as a warning. I think that 7-Zip does support AES in ZIP.

(ZIP AES is not proprietary; it's publicly documented as part of the official ZIP standard. RAR's AES implementation is also "documented" in the official UnRAR source code, and I think people have analyzed it. It's fine, as far as I know, though there were weaknesses in earlier versions of the RAR format.) -- BenRG (talk) 00:01, 1 October 2011 (UTC)

Microsoft provide encryption within their applications (including Excel), and this might be sufficient for your purposes, though it is not as secure as some of the above suggestions. I use Word's and Excel's encryption for sending confidential documents, but I haven't fully tested whether Word encrypts embedded images. In all cases, you will need to send the password by a secure method independent of the internet. If you are looking twenty years ahead, then I suggest some form of lengthy "one-time pad" encryption (e.g. your favourite novel with an added lengthy randomiser) because future computer power for cracking existing encryption is unknown. On the subject of paranoia, does anyone know which of the commercially available encryption software packages contains a "back door"? Dbfirs 09:28, 1 October 2011 (UTC)

One-time pads are virtually useless. The hard part of encryption is key management, i.e., making sure the key is available to the good guys when needed, but never available to the bad guys. A one-time pad has to be machine-readable and has to be stored in a location that's inaccessible to the bad guys, and if you can do that then you might as well store the document itself in the same place, unencrypted. A novel can't function as a one-time pad because it isn't random. One-time pads have to consist entirely of independent random bits.

I don't know if Microsoft Office's encryption is any good. It wasn't in the old days (nor was ZIP's), but times have changed.

Your question about back doors is too broad to be answered. There are a lot of snake-oil products out there designed by well-meaning but incompetent people. These products don't have deliberate back doors but might as well because they're very insecure. Excluding those products, I think that most cryptographic software can be trusted. It's much harder than you might think to design a back door into a cryptosystem without people catching on. -- BenRG (talk) 02:52, 2 October 2011 (UTC)

I mentioned one-time pads because they are uncrackable, but I agree that their usefulness is limited, and that a novel is not ideal as a substitute for a one-time pad, though with appropriate randomisation it can be almost impossible to crack without inside knowledge. The problem with current encryption methods is that they assume limited computing power. This might change unexpectedly in 20 years.

By "back door", I was thinking of something like the old Novell network software in which a carefully timed sequence of key presses during boot-up gave admin access without logon, or the "spare password" built into some software for maintenance purposes. Rumours that the NSA have a back door to Microsoft encryption are probably false since their powerful computers can probably crack the encryption (64-bit?formerly 40-bit) in a reasonable very short time. From Office 2007 onwards, Microsoft claim to uses 128 bit AES encryption, and this should be reasonably secure with a decent password. Dbfirs 12:32, 2 October 2011 (UTC)

What of _NSAKEY?Smallman12q (talk) 14:23, 3 October 2011 (UTC)

I had thought encryption would be part of the Office Open XML standard but it seems it's not, it's a Microsoft addition [7]. Either way of course, Microsoft's implementation is closed sourced and proprietary. Microsoft does say they use AES although you can change encryption method [8]. Because of the commercial interest, flaws in Office encryption implementations are usually found if they exist but I believe for Office 2003 (when properly set up, not with the default settings) and the Office Open XML present in 2007 and 2010 encryption there is currently no known flaws [9] [10]. Nil Einne (talk) 05:54, 3 October 2011 (UTC)

Thanks for the interesting links. I've corrected my comments above based on your research. Dbfirs 07:17, 3 October 2011 (UTC)

You're probably looking for something like AxCrypt which creates a password protected executable.Smallman12q (talk) 14:23, 3 October 2011 (UTC)