Wikipedia:Reference desk/Archives/Computing/2013 February 27

Computing desk
< February 26	<< Jan | February | Mar >>	February 28 >

Welcome to the Wikipedia Computing Reference Desk Archives
The page you are currently viewing is an archive page. While you can leave answers for any questions shown below, please ask new questions on one of the current reference desk pages.

February 27

Security in Windows 7

Recently I saw a friend of mine start her computer. When she got to the log in screen she entered her password and, after booting into Windows, opened up her browser. When the browser opened with multiple tabs I noticed that several were already logged into various sites. I mentioned to here that it probably wasn't a great idea. She said that it was more secure that way. The reasoning being is that if there is a problem with her computer then her passwords won't be compromised as she doesn't enter them. Is there any truth in that or is it just a false sense of security? CambridgeBayWeather (talk) 01:33, 27 February 2013 (UTC)

Meh. If someone installed a keylogger then it could read typed passwords, so that's probably what she's thinking. But the password stores that browsers use aren't super-secure, so if clever malware were running on her computer then it could probably harvest the credentials that way. And while browsers aren't supposed to send credentials for site A to site B, a modern browser is such a vasty complex beast (with such a large attack surface) that one must worry about malware managing to do that anyway. Really, if malware is already in your computer then your goose is cooked, one way or another. Having the logins stored means she has lower risk of a password being shoulder surfed, but increases the risk that she'll walk away and leave the machine unlocked and her credentials misused by someone physically present. Another risk is backup - if it's a work computer then the password store (locations detailed here) will probably be backed up and/or replicated across the network, again affording an opportunity for the backup medium to be stolen and passwords recovered from it. -- Finlay McWalterჷTalk 01:47, 27 February 2013 (UTC)

I may have misunderstood but I presume the friend means the passwords are not stored on the computer. Rather she uses the option to stay logged in to sites when possible, in other words a cookie with authorisation is the only thing stored on the computer. This does have some risks, notably the Yahoo cross site flaw [1] has had a lot of media attention. And in addition if the cookie is backed up, people could use that to access the account. But they couldn't recover passwords except for passwords stored in email accounts or other places (they could also reset passwords) they have access to or for stupid sites which enable the password to be recovered. I do agree it's a bit silly to rely on this to protect from malware, unless the malware developer is particularly dumb they could just kill the cookie forcing a relogin if they want to get the password. Nil Einne (talk) 04:43, 27 February 2013 (UTC)

I'm looking at this from a physical access point of view. If she's using Firefox and has FF store her passwords in order to autofill them when needed, this is rather insecure. There are a number of programs that can crack a Windows password. Once that's done, the user can then open FF and go to Options > Security > Saved Passwords > Show Passwords. They then have all the sites that she's stored and their login info with passwords. Dismas|^(talk) 06:12, 27 February 2013 (UTC)

Thanks all. I probably should have said that it's here home desktop and she has little worries about someone in the same room as her. I suspect that she was thinking more about keyloggers. CambridgeBayWeather (talk) 10:43, 27 February 2013 (UTC)

One good bit of security advice is to maintain two different web browsers. Using one for 'trusted sites' only where you are likely to want to stay logged in for long periods of time. The other browser to use for sites that you do not know or trust. This means that rogue code from an untrusted site cannot effect a Cross-site request forgery type attack --_nonsense ferret 13:35, 27 February 2013 (UTC)

Statistics from Department for Vehicles don't sync up

If someone has the time to download VEH0124 here you get two excel tables of UK vehicle registrations. My question is why the 2010 sales for the C3 Picasso aren't the same on both and if the 2011 table is likely to be more reliable just for being newer? I work out C3 Picasso sales as 10,025 units on the >2010 list and 10,002 on the >2011 list. If someone can answer that query i would appreciate it. Thanks ツ Jenova20 ^(email) 11:43, 27 February 2013 (UTC)

I disagree slightly on the numbers (I get 9855 registered in 2010 from the 2010 table and 9798 from the 2011 table), but I agree that they don't match up. Having worked in vehicle registration, I think the answer is that neither table can be considered the 'most accurate', rather that each was an accurate reflection of the situation on the date the information was published.

Put simply, the reason is that the database is inaccurate. As the DVLA say in their guidance to the data, "The DVLA database can be regarded as being completely accurate in terms of the number of licensed vehicles and vehicles with a SORN. However, there will be some errors in some of the specific details of individual vehicles." In other words, they know the total number of cars currently registered in Britain, but anything else (how many red cars, how many cars with a 1.6l engine, how many Citroen Picassos) is subject to a certain amount of error. They suggests that 11% of vehicles currently registered have an error somewhere on the registration document. This might be in the keeper's details, or in the details of the car. It would seem that the ~1% discrepancy noted above could quite easily derive wholly from such errors.

Most vehicles registered in the UK are not registered directly by the DVLA, but by 3rd parties - either the manufacturer in the case of cars sold directly from main dealers, or by the retailer in the case of car supermarkets. If the manufacturer registers the car, it is likely a mostly automatic process. When the car is made it has a 'Certificate of conformity' detailing the car's body and engine type, along with the description it is to be registered under. A number from the certificate can be used to automatically populate the registration details (i.e. the DVLA system 'knows' that a car with certificate number 0347594d34 is a Citroen C3 Picasso 1.6HDI SX in blue). However, sometimes the system doesn't work properly and details have to be entered manually, or in the case of car supermarkets, cars are imported that don't match up with UK specifications. In these cases, details are entered manually. This can be a source of error. (I know - I've made those errors!)

Another source of discrepancy could be that cars can be imported from other EU countries after their first registration, but keep their original registration date. For instance, the car supermarket in which I used to work purchased vast numbers (often 100s each month) of ex-rental cars from the Channel Islands. These cars would be about 6 months old when we received them, and would require re-registering onto UK plates. We filled in a V55/5 form (by hand - one for each vehicle!) and delivered the form to our local DVLA office, who would sit on it for about 2 weeks before producing a registration document (V5). The V5 would state the registration date as the date when the car was first registered in Jersey or Guernsey - thus, a vehicle registered on 01/07/2010 in Jersey and re-registered in the UK by me on 01/02/2011 would be noted by the DVLA as a 2010-registered car, and receive a XX10XXX plate. Therefore, if you were to collect statistics on the number of registrations in 2010 on 31/12/2010, you would not see this vehicle on the list. However, re-run the list on 2/2/2010 and suddenly there is an extra vehicle which was registered in 2010. I'm not definitely sure that the DVLA are picking up this discrepancy - it could be that they can filter it out based on 'UK registration date' (another field on the V5), but it's a possibility.

I hope this helps to show why the numbers are not particularly accurate, even if it doesn't help to get an 'official' figure. As far as I'm aware, the figures that are often reported in newspapers and magazines are taken from the SMMT, but I can't reach their website right now, and I seem to recall that you need to be a member to view detailed statistics. - Cucumber Mike (talk) 12:58, 27 February 2013 (UTC)

I should have mentioned - when I spoke about errors in the 3rd paragraph, the point is that there are ways to correct errors that have been made. So, if a C3 Picasso had been registered as a C3, once the mistake is spotted it can be changed. This would have the effect of reducing the number of C3s registered in that year by one, and increasing the number of Picassos by one. If the change was made after the end of the year, it would presumably show up in the statistics.

Such errors are surprisingly easy to make - I can still clearly remember the phone call I had from a distressed customer who'd been pulled over by the police and accused of stealing his newly purchased car. It turned out that when I registered his vehicle I'd made an error by picking up the wrong certificate of conformity, and hence typing in the VIN number, meaning that I'd actually registered a completely different vehicle. When he drove past a police ANPR, it scanned his plate and came up with no tax or insurance on the vehicle - correctly, since the car that should have borne those plates was sitting, unsold and untaxed, outside my office! The police pulled him over, and got his car's details up on their system. That showed that the plates he was using on his car were for a completely different car, and that the VIN number on his car was for one that was not yet registered. In short, it looked to the police like this gentleman had got some plates made up, and then pinched an unregistered car from a dealership. Possibly the only thing that saved him from a very quick trip to the police station was that he was 75 and didn't really look like a car thief! I can tell you, that simple mistake of picking up the wrong piece of paper one day caused me a whole load of extra form filling, letters of sincere apology and trips to the DVLA office to sort it out and promise it wouldn't happen again! - Cucumber Mike (talk) 13:18, 27 February 2013 (UTC)

Thank you very much for the speedy reply Mike. Should i be using only the newest version of the figures in this case (as mistakes may have been fixed) and preceded by a ≥ symbol?

Also i just re-added the figures for 2010 from the >2011 sheet to get 10,002 again. I know it's beside the point but the numbers are: 30, 1301, 27, 203, 3635, 140, 109, 492, 2622, 1269, 34, 140. Thanks ツ Jenova20 ^(email) 14:01, 27 February 2013 (UTC)

Fair enough. I didn't spend long enough adding them up, so I'm sure you're right.

As to which figures you should use, they are both accurate in their own way, but I guess the 2011 figures are the most up-to-date, so they are probably the best ones to use. Having said that, I don't know if they really should be added, for two reasons. Firstly the discrepancies noted above mean that these really are only figures that estimate the number of vehicles registered as Picassos during 2010. That's not the same as the number produced or sold - which would seem to be more useful figures when discussing the success or otherwise of a particular make of car. Secondly, I don't see why particular importance is placed on the UK sales - why single out the UK and not France, the EU, or some other market? Personally, I would show worldwide production and sales figures and leave it at that. Maybe this discussion would be best at the article talk page - I'd be happy to weigh in there if needed. - Cucumber Mike (talk) 15:45, 27 February 2013 (UTC)

Sure! If you create a new header on the talk page we can go through it. Thanks for the assistance ツ Jenova20 ^(email) 16:02, 27 February 2013 (UTC)

Done. - Cucumber Mike (talk) 16:13, 27 February 2013 (UTC)

Problems down loading Wikipedia pages

I am having trouble down loading Wikipedia pages. This has been happening for the several days running. They usually load but only after 5 to 10 minutes this is very unusual. Is this occurring with other users? Do you know what may be going on? Can you help me resolve this problem, or explain what is causing it? I don't believe this is unique to me, and it does not happen with any other pages. I have been having trouble reporting this problem as there does not seem to be a category for problems like this. I would assume others are having this same issue and could use some clarification as well.Inquisitive River Otter (talk) 17:30, 27 February 2013 (UTC)

No, it seems fine for me. Also, I think we'd have heard if substantial numbers of others were having the same issue.

Let's start with the basics. Have you tried using a different browser? Do you have the same issue with any other sites? What about other WMF sites (e.g. [2] or [3])? Have you recently scanned your computer for viruses and/or malware?

For more detailed advice, please post back with: a) Your operating system (e.g. Windows XP, Windows 7, Ubuntu); b) your browser (e.g. Firefox, Internet Explorer, Chrome); c) any patterns you have noticed in this behaviour (e.g. only at certain times of day, started since installing a certain piece of software, happens after visiting a certain site, etc). - Cucumber Mike (talk) 17:52, 27 February 2013 (UTC)

Touch screens

Do you think everything will have a touch screen in the future? Fridges, cookers, mirrors, walls, cars, tables. Clover345 (talk) 19:10, 27 February 2013 (UTC) And why are phone touchscreens so good? Ticket machine touch screens are really unresponsive. Clover345 (talk) 19:19, 27 February 2013 (UTC)

Probably no. It would be easier to wirelessly access any device from a single computer.

Ticket machines are not upgraded every x months, and they need a thicker protective plastic screen. OsmanRF34 (talk) 20:21, 27 February 2013 (UTC)

No we'll be too fat and float around on hover boards, how would we touch the surfaces? We'll have radio control implanted in our heads instead. In other words this reference desk is not for eliciting our speculation or opinions, see the advice at the top of the page. Dmcq (talk) 21:17, 27 February 2013 (UTC)

Modern touchscreens are frequently capacitive, whereas older touchscreens tended to be resistive. Older machines may also use CRT screens which may not be as flat or distortion free as LCD monitors. With CRT screens, the transparent pane which users touch may be a greater distance away from the monitor, and the monitor behind it may be curved, making it more difficult to judge what one is touching. Besides that, older machines (which is what you'll often find used for ticket on public transit, etc.) are obviously going to be using older technology, and the state of the art has changed.  — daranz [ t ] 21:59, 27 February 2013 (UTC)

I'm not a fan. My screens get filthy enough when I go out of my way to avoid touching them. With touch screens, they'd be disgusting. When they are self-cleaning, give me a call. StuRat (talk) 22:14, 27 February 2013 (UTC)

These days, some touchscreens receive lipophobic coatings to reduce the amount of residue left behind by fingers. Not exactly self-cleaning, but a step in that direction.  — daranz [ t ] 22:28, 27 February 2013 (UTC)

Hopefully not! While I appreciate touchscreen in places where I need to access many different functions (e.g. in a smartphone), I really don't see the point of using touchscreens to replace functions of simple buttons as for instance in cooktops which are much slower to operate with touch buttons. Also, at least a couple of years ago, I remember that ticket machines in busy Japanese train stations were non-touchscreen, but had dedicated buttons, presumably because they were faster to operate as less busy stations did have touchscreens (warning: WP:OR). bamse (talk) 23:14, 27 February 2013 (UTC)

Touchscreens could be faster, if done right. Take volume controls. The oldest method was a dial, which you could quickly turn to whatever volume you wanted. Then they came out with dreadful up and down buttons, which are much slower to get to the proper level. Then they added acceleration to the up/down buttons, which can make you fly past the setting you want. Now, if the touchscreen has just up/down buttons or up/down buttons with accel, it will be just as bad. But, if they just let you pick right on the volume level meter to go to that volume, then it should be almost as good as the dial we started with. StuRat (talk) 02:21, 28 February 2013 (UTC)

You're comparing apples and oranges. Old knobs are analog gains, which are instant. Buttons are digital inputs that change the gain calculations in processing. Touchscreens don't have an analog equivalent, unless you mean Etch A Sketch. --Wirbelwind(ヴィルヴェルヴィント) 07:27, 28 February 2013 (UTC)

You can simulate an analog device with a digital one, so long as the number of increments is small enough and the speed is fast enough. StuRat (talk) 16:03, 28 February 2013 (UTC)

I've found that predicting the future is more easily done if you describe our needs more generally rather than specifically. We want to make interaction between Man and Machine easier and more intuitive without compromising utility and gaining as much insight as possible without bogging down the user with too much unneeded complexity. So that's what's going to happen, whether that means touchscreens or something else is unknown at present. You won't need a touchscreen if you can control machines with your mind for example, Brain–computer interface. ScienceApe (talk) 17:55, 28 February 2013 (UTC)

That might not be as good as it sounds, say when a husband and wife are watching a chick flick, and the man's thoughts keep causing it to change to porn. :-) StuRat (talk) 19:20, 28 February 2013 (UTC)

Clearing my Firefox cache

I'm trying to clear my Firefox cache, and everything I see that tells me how to do it starts off with "Click the Firefox button at the top of the screen"... and then proceeds from there. I don't have a Firefox button at the top of my screen. I'm using Window 8 and Firefox 18. Help? RNealK (talk) 22:57, 27 February 2013 (UTC)

If there is no big orange button on the top-left of your screen, try using the keyboard shortcut Ctrl+Shift+Del, then make sure "Cache" is the only one checked (select "Everything" on the time range to delete, if applicable). -- 143.85.199.242 (talk) 23:09, 27 February 2013 (UTC)

Thank you, that did it. Do you know how I can get the big orange button to appear? RNealK (talk) 23:15, 27 February 2013 (UTC)

Go to View → Toolbars and click on Menu Bar. Chamal ^T•C 05:20, 28 February 2013 (UTC)

thanks. RNealK (talk) 22:41, 28 February 2013 (UTC)

Multiple logins to same site in one browser

If login information is stored in a cookie, is there a way to browse a site with a single browser using two different logins (in separate tabs or windows)? Perhaps using a browser add-on or something!? (For testing purposes I sometimes log in using two different browsers, one for a user login and one for an administrator login. I'd rather do this with a single browser if possible.) bamse (talk) 23:25, 27 February 2013 (UTC)

Something like this? Henry^Flower 05:10, 28 February 2013 (UTC)

Thanks. That's it! bamse (talk) 20:29, 28 February 2013 (UTC)

Browser caching, SSL and http authentication

I am reading conflicting things about how SSL and simple http authentication affect browser caching of static content (css, js, images,...). Is it possible to enforce (if user's browser supports caching) caching over SSL for a password (http authentication) protected site? bamse (talk) 23:27, 27 February 2013 (UTC)