Wikipedia:Reference desk/Archives/Computing/2011 November 18

= November 18 =

google redirect virus
Hi all, I believe I have something called the google redirect virus, because when I click on a google link, about a quarter to a half of the time it takes me to a junk website. Only problem is, although there's plenty of stuff on it on the internet, I can't find it on Wikipedia. This is normally a bad sign, as Wikipedia is usually very up to date, especially on IT matters. Is it for real, or is it some kind of hoax (in which case what is wrong with my computer, Windows Vista by the way)? How do I get rid of it, since it is supposed to be hard for antiviruses to detect (unless that's part of the scam)? And how could I have caught it? I don't download stuff - do you get it from just visiting a website without clicking on anything? Many thanks, IBE (talk) 00:56, 18 November 2011 (UTC)


 * Mostly harmless malware, IIRC. I'm sorry I don't actually remember what I did to remove it on the box I encountered it on, just that it was simple.  Something in the registry, I want to say.  ¦ Reisio (talk) 01:38, 18 November 2011 (UTC)


 * Thanks :) any other info from anyone most welcome (I've visited the site but haven't done anything yet, so please add more if you think there's anything else I need to know, although the first link looks to be a good one). IBE (talk) 03:07, 18 November 2011 (UTC)


 * I removed something similar a while ago. It was malware that modified my browser's proxy settings to somewhere in Ukraine.  About one in three clicks on Google search results led to porn, scareware sites, an unexpected page that was vaguely related to the search terms. The hardest part was to remove the rootkit which hid the component of the malware responsible for resisting my efforts to remove it all.  Astronaut (talk) 13:28, 18 November 2011 (UTC)


 * I wouldn't expect to find anything more in-depth than this on Wiki. Just because this is the obvious symptom of whatever's on your computer doesn't mean the same program, or something else you haven't noticed, isn't harvesting your credit card information or login passwords (less likely). I'd suggest running Spybot – Search & Destroy at the very least- do a scan from safe mode if possible. I don't find the Spybot resident scanning function to be very useful myself- you probably want to run whatever Microsoft is calling their anti-spyware program for that. After that, you've got a good incentive to make the regular change of your passwords that everyone is supposed to do regularly but which doesn't actually happen. Nevard (talk) 22:36, 18 November 2011 (UTC)

Variation
I have a similar issue, but in my case it works a bit differently. I do a Google image search, find the pic I want, click on it, and it displays, for a half second, then the web site apparently redirects me elsewhere. The odd thing is that I wasn't at the website yet, I was still in Google's picture viewer looking at the preview. Somehow the website must have imbedded an instruction in the image preview that redirects me elsewhere. StuRat (talk) 22:49, 18 November 2011 (UTC)


 * Google loads the web page it found the image on, behind the image, presumably in an inline frame. If that page has Javascript on it that detects if the page is loaded within a frame, it can perform an appropriate action - like redirecting you to the page, without the frames. The principle is similar to those 'get me out of someone elses frameset' links that you used to see around. Obviously this is a little inconvenient when you're browsing for images. Nevard (talk) 02:38, 19 November 2011 (UTC)


 * Any way to disable that function ? StuRat (talk) 04:00, 22 November 2011 (UTC)

Microsoft Works Suite 2006
On my first visit, my thanks to the technical information provided in my previous question. Have Windows 7, and would like to download my Microsoft Works Suite 2006 which I think will be much easier for me to manoeuvre. Could there be any impediments or undesirable consequences to this action?

Jim. — Preceding unsigned comment added by Hamish84 (talk • contribs) 01:11, 18 November 2011 (UTC)


 * In general, there should be no consequences to installing software from 2006 on a Windows 7 machine. TheGrimme (talk) 16:15, 18 November 2011 (UTC)

where to buy the cheapest laptop online ?
I really to know where to buy the cheapest laptop online ? — Preceding unsigned comment added by Linda901212 (talk • contribs) 02:00, 18 November 2011 (UTC)


 * You really need to tell us where you are. You really need to tell us what you want the laptop for. You really need to tell us whether you want a new one, or second-hand. And you really need to think about whether this is the best place to ask vague questions... AndyTheGrump (talk) 02:44, 18 November 2011 (UTC)


 * Probably eBay. You might get lucky, but don't be surprised if you end up with a piece of junk.--Shantavira|feed me 08:44, 18 November 2011 (UTC)


 * It is possible to get free laptops. Some relatives gave me four supposedly dead laptops.  After a bit of refurbishment, I now have three working laptops having cannibalised one for parts.  Maybe someone you know has something to give away.  Obviously, it won't be the latest model, but it'll probably be good enough to run Windows XP and do a bit of internet surfing; and if refurbishment is needed then that will depend on the skills you have access to.  Astronaut (talk) 13:25, 18 November 2011 (UTC)
 * Also try CraigsList.org. That way you can inspect the laptop in person before purchasing it.TheGrimme (talk) 16:16, 18 November 2011 (UTC)

Remote access to an iMac over Verizon FiOS
My internet service provider is Verizon and I own a 2009 iMac running Mac OS X 10.5.8 Leopard. I would like to set up a remote connection to my Mac from anywhere. My router is an Actiontec. What software do I need (I would like to setup a graphical connection, instead of SSH or whatever) and how can I maintain the ability to keep connected with my Mac? --Melab±1 &#9742; 04:26, 18 November 2011 (UTC)


 * Anyone. --Melab±1 &#9742; 16:29, 18 November 2011 (UTC)


 * You can set up Screen Sharing. Here's "Mac 101" for 10.5"; and here's more recent documentation, Screen Sharing (for 10.7).  Leopard supported a variety of built-in remote access tools - ssh, screen sharing, file sharing, remote access and management, and more; you can use your Mac's built-in help tool to guide you through the setup in System Preferences.  If you update your system software to Lion, you can also use a variety of iCloud-related remote sync features between your Mac(s) and iOS software: How to Set Up iCloud (Mac).  If you install a Mac OS X Server edition of the system software, even more remote-access features are available, including a web-server, wiki server, mail server, storage area network system, remote management tools, remote monitoring tools, and other features.
 * As a last note - SSH with X11 forwarding is also an option; if you are a proficient unix user, you are probably already familiar with this capability. Here's the official page from Apple's Open Source Tools: X11.  Nimur (talk) 17:59, 18 November 2011 (UTC)
 * I am not very literate with command line stuff other than changing directories. Are there any problems posed by a dynamic IP and by FiOS? --Melab±1 &#9742; 20:10, 18 November 2011 (UTC)
 * Another thing: I probably have a dynamic IP address, so how can I maintain access to my Mac? --Melab±1 &#9742; 20:53, 18 November 2011 (UTC)
 * Dynamic DNS lets you dodge issues with the dynamic IP if you're using a fairly low-level way to access your computer like SSH, VNC, or Screen Sharing. I'd suggest using LogMeIn- lets you dodge a lot of the fiddling involved in setting up these things, and you won't have to configure your router. Nevard (talk) 22:29, 18 November 2011 (UTC)
 * Yeah, I just found LogMeIn. I am using the free version. Will I be able to log in and out remotely? Also, if I eject a USB drive using Finder how can I reconnect with it in the case I am away from my Mac? --Melab±1 &#9742; 00:26, 19 November 2011 (UTC)
 * If the drive is still physically attached you could probably map it to a folder using the 'mount' command in the Terminal. 'mount --help' should give you the goss. Nevard (talk) 08:42, 19 November 2011 (UTC)
 * Can I connect iTunes to my iPod touch remotely using LogMeIn.com, or will I have to use Apple Remote Desktop? --Melab±1 &#9742; 01:00, 19 November 2011 (UTC)
 * LogMeIn Pro will apparently (according to posts on their forum) do USB redirection for thumb drives and so on- which is probably not good enough for the iPod to work. There is a pro trial available- might be worth trying. Even if it is possible, I'd really recommend you find another solution- I've used USB redirection with VMWare and VirtualBox with a car computer interface that needed Windows, and without even getting the internet between the device and the program using it it was flakey. From my reading, Apple Remote Desktop doesn't seem to do it either. Nevard (talk) 08:42, 19 November 2011 (UTC)

Window 7 ISO File Installation with Daemon Tool Lite !
Hi Guys !

I need to ask you a question.

Suppose i have windows 7 ISO Image File on my system and want a clean installation of it with Daemon Tool Lite. Will it install smoothly without any problem and without DVD-Rom.Please help me.

Thanks. — Preceding unsigned comment added by 78.151.155.196 (talk) 12:19, 18 November 2011 (UTC)
 * AFAIK, you can't do a clean install from within Windows. If you don't know how this answers your question, think about it carefully and eventually you should get it. (I'm not saying you need to burn a DVD, I know there are ways to install without doing so which I've used myself. I'm simply saying your proposed solution is flawed.) Nil Einne (talk) 13:36, 18 November 2011 (UTC)


 * Nil Einne is mostly correct in that you can't use a Windows app to install Windows on top of itself. If you don't want to use a DVD disc, you can put the image on a USB drive and boot off it.  See this guide. TheGrimme (talk) 16:19, 18 November 2011 (UTC)


 * That's wrong. You can't reformat your hard drive before reinstalling if the install files are on the hard drive, but a "clean install" is simply an install that doesn't copy over previous settings, drivers, etc., and you can do that from within Windows, according to this page. I see no reason why it wouldn't work from a DVD image mounted with Daemon Tools; it copies everything it needs to the hard drive before rebooting in any case. However, if you did have problems, you could manually copy all files from the DVD to a folder on the hard drive and run setup from there. -- BenRG (talk) 05:41, 19 November 2011 (UTC)

PNG geotag
Is there a geotag in PNG? Exx8 (talk) 13:13, 18 November 2011 (UTC)


 * No not in any consistand and supported way This site says:


 * The PNG specification allows labeled text (ASCII or UTF-8) elements to be embedded in text chunks and predefines a few standard keywords (element labels): Title, Author, Description, Copyright, Creation Time, Software, Disclaimer, Warning, Source, Comment. The compilers of this resource are not able to assess the degree to which such metadata is found in practice or whether other keywords are in common use. An attempt in 2000 to develop open source tools to convert EXIF images (including EXIF metadata) to PNG seems to have been abandoned. See http://pmt.sourceforge.net/exif/drafts/d020.html. Without such tools and agreed practices, PNG can not rank highly for self-documentation.
 * It is possible to embed XMP metadata in PNG files, according to the XMP specification. However, the documentation for ExifTool for PNG tags suggests that practices for storing XMP or EXIF metadata in PNG images have not been consistent.
 * It is possible to embed XMP metadata in PNG files, according to the XMP specification. However, the documentation for ExifTool for PNG tags suggests that practices for storing XMP or EXIF metadata in PNG images have not been consistent.


 * its possible that there will be some standard in future. -- Q Chris (talk) 13:33, 18 November 2011 (UTC)

The only (decent) use I can think of for this would be imagery rendered (that is, not photographed) by a mobile device that knows where it is. ¦ Reisio (talk) 14:12, 18 November 2011 (UTC)


 * Why not photographed? I thought you were a believer of PNGs in all circumstances. --Mr.98 (talk) 15:09, 18 November 2011 (UTC)


 * PNG compresses photographs quite poorly, while JPEG works well for them. The standard way of losslessly storing image data is to use a raw image format. They're actually "more lossless" than PNG, since they store more color information than just 8 bits each of R, G, and B. Paul (Stansifer) 12:32, 19 November 2011 (UTC)

gzip wget
I am downloading pages with wget on Windows 7 from a site which supports gzip HTTP compression. Wget however does not support this, so pages are transferred without compression and therefore use much more bandwidth than they should. I figured the best solution might be to put some program that supports gzip HTTP compression between wget and the site, like a proxy, so pages are downloaded with compression, uncompressed, and then fed to wget as normal. What program might be able to do this? I looked at polipo but it doesn't appear to support gzip. I don't have much RAM so a full squid setup is not an option. 82.43.90.142 (talk) 15:29, 18 November 2011 (UTC)


 * Are you sure wget doesn't support gzip compression?  As far as I know you can say  wget --header='Accept-Encoding: gzip,deflate' http://example.com      If you can't persuade wget to do it, try cURL instead, which works in much the same way. -- Finlay McWalterჷTalk 16:38, 18 November 2011 (UTC)
 * That fools the site into thinking wget supports gzip, but wget cannot process the downloaded file for other links. wget just sees binary data instead of html. This breaks recursive retrieval and page-requisites. 82.43.90.142 (talk) 17:00, 18 November 2011 (UTC)
 * That's why raptor jesus invented pipes, stdin, & stdout, but maybe you should just use HTTrack. ¦ Reisio (talk) 17:34, 18 November 2011 (UTC)
 * How does one use pipes and stdout to make wget understand gzip during recursive retrieval? 82.43.90.142 (talk) 18:41, 18 November 2011 (UTC)
 * With more effort than using HTTrack. ¦ Reisio (talk) 02:04, 19 November 2011 (UTC)
 * Still, I'd be interested in learning how 82.43.90.142 (talk) 10:09, 19 November 2011 (UTC)


 * Privoxy might work. I know it decompresses gzipped/deflated pages internally (to filter them), and I think it passes them uncompressed to the client. I don't know whether it will request compression from the server if the client didn't request it. You could try passing the  to   or configuring Privoxy itself to add the header, and see what happens. You might also have to add a dummy filter that never matches to persuade Privoxy to decompress everything. -- BenRG (talk) 05:53, 19 November 2011 (UTC)
 * It doesn't seem to work, but I've never used privoxy before and it's complicated so I'm probably doing something wrong. Thanks anyway, it's a very interesting idea 82.43.90.142 (talk) 10:09, 19 November 2011 (UTC)

Potential Security Risk
I know that some websites display data on where the last 10 or so visitors came from (e.g. Google.com). On one of my translator websites, for example, it tells me where visitors to my page came from (e.g. from specific pages within the site, or from external websites, search engines, etc.). I would like to know if any website collecting this data would also be able to collect login details of the visitor on the previous site. For example, if I went from here to another site, one which collects visitor data, would they be able to collect my Wikipedia login details or any other information? What about when I visit one of these sites, would it be able to collect data from other tabs I have open in Firefox? I am not asking about Chrome, as Chrome tabs are all separate and individual processes. KägeTorä - (影虎) (TALK) 18:21, 18 November 2011 (UTC)


 * What you're seeing is just the HTTP referrer data. It doesn't convey login data unless a site was ridiculously stupidly coded so that its URL did contain login data (which no website may by anyone other than someone coding for the very first time would have). Generally speaking no site should be able to get information about other tabs in browsers, but there are security loopholes with regards to cookies, applets, plugins, etc., which have at times compromised this. But on the whole, no, it should not be possible. In practice, there are sometimes bugs, bad security choices, etc... --Mr.98 (talk) 18:36, 18 November 2011 (UTC)


 * The security problem is not the HTTP referrer field. It is flash cookies and social linking. Flash cookies have been around for a long time. They are cross-site cookies that store a lot of personal information that any website can gather. The purpose of them is to have fancy applications that work on more than one site. The use of them is to track a user's behavior across websites. Because many people have been smart enough to disable flash cookies, the next step is social sites (mainly Facebook). Ever notice that when you visit a website that has absolutely nothing to do with Facebook, you will still see a Facebook logo and your login name (and sometimes your list of friends). Facebook distributes code to other sites to gather information on your behavior across the Internet. What do they do with it? They own your identity and sell it to others. Did you give them permission to do so? You read the EULA, right? -- k a i n a w &trade; 18:43, 18 November 2011 (UTC)
 * According to the New York Times, Facebook will even try to blackmail you into giving your passport and other private documents. Some users have been foolish enough to voluntarily provide Facebook with access to their government-issued IDs, financial information, and so on.  This helps Facebook identify individual users when selling identity information to advertiser websites.  Nimur (talk) 19:53, 18 November 2011 (UTC)
 * While I agree the 'instant personalisation' (if that's what you'rereferring to) is a privacy concern (albeit not one available to me), it's currently limited to 8 websites and Bing, Pandora, TripAdvisor, Yelp, Rotten Tomatoes, Clicker, Scribd, Docs. And theoretically the websites are supposed to delete the info if you ask them (per their contracts with Facebook).
 * A bigger concern is the Facebook Connect/social plugin type things that you see on website. But from what I've seen a lot of people misunderstand this. While you see info such as which one of your friends has liked the website or page and have the option to like or or occasionally updates from your friend or have the option sometimes to login to the webiste, as I understand it and supported by the privacy policy the info actually comes from Facebook itself (if you look at the page it's coming from the Facebook server) and it's not shared with the other website unless you choose to engage with it. In otherwords, unless you choose to 'like' something or authorise a connection or otherwise engage in the Facebook stuff, the website isn't supposed to gain any info on who you are.
 * While Facebook has a history of privacy failures    it's also worth remembering they are a business not some evil company out to end all privacy.  While they may not care much about privacy per se, they do care about making money and it's not in their interest to provide potential tracking info to third parties without getting something important in return which they currently at least (and I would say not surprisingly), don't see without some sort of agreement as in the pre-approved websites or a user using Facebook on the website. Which leads to me my main point, the big privacy concern with Facebook Connect etc comes not so much from the website learning who you are, but from Facebook being able to track what you do online, which can happen even when you're logged out . In other words, to get back to my earlier point, it's far more in Facebooks interest for them to gather all the info then for them to hand out info to others willy-nilly so they can do their own tracking.
 * Nil Einne (talk) 00:35, 19 November 2011 (UTC)
 * P.S. Re-reading your comment perhaps you were talking about Facebook tracking not third party tracking after all? I'm not sure, the comment about Flash cookies made me think you were referring to other websites being able to use info Facebook provided for tracking purposes. Nil Einne (talk) 01:04, 19 November 2011 (UTC)


 * If you don't want website B to know that you visited from website A, you can install a Firefox extension like RefControl. Configure it to send the real referrer within a domain and a forged referrer when crossing domains. (You can set it to block the referrer header entirely, but that breaks a lot of sites.)


 * The referrer header is only sent when there's an explicit link between pages—either a link that you click or an inline image/video/whatever that's loaded automatically. It's not sent when you navigate to a page by any other means (such as clicking the home button or pasting a URL), and it doesn't operate across tabs in any browser . (edit to add: In any browser, including Chrome, the referrer header is sent whether the link opens in the same tab or a different one. I should probably add that referrers are normally not sent on cross-site links when one or both sites uses HTTPS.) -- BenRG (talk) 06:10, 19 November 2011 (UTC)

Thanks for the replies. You have allayed my fears and replaced them with a set of new ones :) And thanks for the suggestion of the addon, BenRG. I am using that now, and it works perfectly. KägeTorä - (影虎) (TALK) 15:57, 19 November 2011 (UTC)

Same password on different accounts
These two questions are supplementary questions to my original question in the discussion now archived at Reference_desk/Archives/Computing/2011 November 14. —Wavelength (talk) 21:01, 18 November 2011 (UTC)
 * If a person has a particular password for a Hotmail account, should that person avoid using the same password for a Gmail account?
 * If a Gmail employee could use the password to hack the Hotmail account, could the same employee not use the same password to hack the Gmail account?


 * You should avoid using the same password for two different things.
 * In any decently implemented system (which surely Google and HoTMaiL are) the passwords themselves will not be stored, but a cryptographic hash instead. So even if an employee of Google could retrieve the hash, he couldn't generate the password to type it into HoTMaiL. Better yet, sensible practice has the hash itself be cryptographically salted too, which means two different people with the same passwords have their passwords stored as two different values. -- Finlay McWalterჷTalk 21:07, 18 November 2011 (UTC)


 * The big problem with using the same password isn't respectable companies like GMail or Hotmail. It is those "who the heck runs this site" places like blogs. They ask you for an account name and password to post a response. Then, they try that username/password on all the popular websites to see if you were dumb enough to use the same user/pass for their blog as you did on GMail or Facebook or, worse, Bank of America. -- k a i n a w &trade; 21:26, 18 November 2011 (UTC)


 * ... and, even worse, some sites store and display your unencrypted password, and some regularly e-mail the password to you unencrypted with a reminder that you haven't logged on for a while! I'm amazed at the lack of awareness of security issues on some smaller (but respectable) websites that I've used.    D b f i r s   00:18, 19 November 2011 (UTC)


 * And as the recent anonymous attacks have revealed, even quite a few of those that encrypted it don't seem to use a salt meaning it's very vunerable to rainbow tables Nil Einne (talk) 00:50, 19 November 2011 (UTC)


 * The big problem isn't so much malicious service providers (although there is that danger), it's stupid service providers who store passwords in the clear, and then expose their database via a security hole. Paul (Stansifer) 12:29, 19 November 2011 (UTC)