Wednesday, December 17, 2008

If programming languages were religions...

I looked through Slashdot.com and noticed that it pointed to a very interesting blog where the post compares different programming languages to different religions in the world. Read and have a good laugh :)

http://www.aegisub.net/2008/12/if-programming-languages-were-religions.html

Adjusting PATH variable for Java

I was fiddling with the adjustment of the PATH variable in my Win XP for my Java JDK. I pointed the PATH variable to the /bin of my latest JDK and nothing else. So it's "PATH=C:\Program Files\jdk1.6.0_01\bin" if you put it in text form. Next, I tried to do a 'ping' and an 'ipconfig' in my cmd the next day and it said that ping / ipconfig is not recognized as whatever internal command type of error. I noticed that system32 is also using PATH so I set "PATH=C:\Program Files\jdk1.6.0_01\bin;C:\Windows\system32" and now, you have Java's JDK and system32 using PATH ... happy ending. I can do my Java stuff and ping and ipconfig.

Tuesday, December 16, 2008

Songbird, H2 jarSmall

I was reading through LifeHacker as usual and caught some news on Songbird. I was thinking to test out yet another Mozilla product, Songbird. I was expecting a high quality product but when I finished installing Songbird just a while ago, it crashed upon launching for the first time and I restarted it but again, it crashed every time it tried to launch. Well... too bad for this Mozilla product... I doubt how ready Songbird is, so I uninstalled it without a second thought.

I have been looking for media players capable of playing and accessing podcasts but sadly, I haven't found any other than iTunes. I have been avoiding iTunes and WMP for a long time since I think these 'commercial' products aren't to my taste. Another thing about Songbird that put me off when I was viewing its screenshot was how similar its GUI was when compared to iTunes.

I have nothing against iTunes or WMP but things that are too 'commercial' and 'Big Boys' who have a reputation of not being open or are open just to avoid some lawsuit from some organization just put me off ... my personal opinion...

Anyway, thanks to Thomas Mueller for helping me with figuring out why I couldn't build H2, I finally got it to work. It seems that Java doesn't automatically set the PATH for you and you have to do it yourself, which figures why my Java acted weirdly when I tried to build H2 jarSmall.

Finally got myself an H2 jarSmall and now I can proceed with my stuff that requires a jarSmall H2.

Sunday, December 7, 2008

Manutil in Makagiga

Lately, I have been working on manutil (Man utility aka Man) for Makagiga whenever time presents itself an opportunity to sit down and do the coding. The development of Man was pretty quick and I have got the basic functions working but they are still not ready for the wild yet. There is other stuff to do, including making Man able to survive in the wild where 'abuses' would be thrown at it.

Just a quick explanation on what Man is... It's simply a manual page like those on Unix OSes (e.g. Linux). Anyway, I got my inspiration while playing with the Man pages on my Linux Fedora OS and thought that it would be interesting and useful to equip Makagiga with one and also, I am a Makagiga user.

Man would not be exactly the same as those Linux Man pages since it's going to be implemented using Java on a Makagiga platform...not some OS... and plus... I like to give my Man utility a twist and flavour it with my own style.

I made it console based since Man is supposed to be a console based app and plus.. it looks geeky :P

Anyway, I scanned through some tech news and there wasn't much that is interesting to discuss... so laters...

Saturday, November 29, 2008

Back and More...

Hi again. I have not been blogging for a long time since I have some issues and work to handle.

Recently, I have been planning and starting coding on some Makagiga plugins in an effort to add more useful tools into the Makagiga platform.

What is Makagiga, for those who don't know what it is? Makagiga is a desktop platform written in Java. It has an SDK which allows you to create widgets and plugins for it. Simply, it's just a general purpose platform where you install plugins that you want to use.

You can visit Makagiga's official site at http://makagiga.sf.net .

Some plugins I have written are the quickQuit and the login plugin. The login plugin is not officially available for download since it is deemed to be in the testing phase. The quickQuit is simply a quick access quit button to quit Makagiga.

The login plugin for Makagiga still needs a bit more polishing for its Look and Feel, but otherwise, it can be pretty usable.

Some Makagiga plugins I am currently doing are a Linux-like man page plugin for the Makagiga console so that console man pages can be available. A contact / address book plugin is still under way in the planning phase and one very difficult and troublesome plugin that has been hard to develop is the encryptfs plugin which essentially encrypts the entire Makagiga filesystem if you switch it on. The difficult portion I have to handle is how to pull off a one time login on Makagiga where users after logging into Makagiga (have login plugin installed and password already set) don't need to produce another password for encryptfs to decrypt the filesystem for use. I could simply implement another login for the encryptfs but users would have to login to Makagiga then the encryptfs again just to use Makagiga. I want the login process to be smooth and hassle-less with a single password so users don't need to remember so many passwords.

Time constraints are another factor hindering the efforts of development of these plugins and other factors hinder the progress of the development of these plugins.

Enough of my rant now... off I go...

Wednesday, June 25, 2008

An embedded or a non-embedded ?

For those who want to run light, quick and portable apps, embedded DBs are the way to go. But what if you have an enterprise web application that would be used by all the departments in an enterprise company and you have a web site to hook to the DB too and your company is a very important financial institution? Would you use an embedded DB or a solid network based, non-embedded DB? I would rather throw aside the embedded ones if I need a solid, fault tolerant database ... and of all, they should be written in non VM based languages like Java.

So let's touch on why I think embedded DBs aren't going to be a good option in my view. Embedded DBs are mostly optimized for the portable stuff... small and sleek... but the compensation for some small stuff is mostly ... the ability to tolerate huge traffic ... lots of faults and errors occurring. What do you really expect for something made so small and used for embedded applications?

I would prefer to go for those solid MySQL or Postgres servers which are dedicated servers with networking capabilities. Codes do not need to be withheld to make it small and light ... instead... codes are made in these stable database servers, to withstand enormous amounts of faults and traffic.

Why do I say that it's not recommended to use VM based languages to create enterprise databases? Simply because the codes, upon execution, have to pass through the VM tier before actually executing. If you use a code that directly 'speaks' native language, you bypass the troublesome VM tier. It would be faster indeed.

So if you want a database to handle real enterprise stuff, I would prefer to use a dedicated , non-embedded database and if better.

Thursday, June 19, 2008

My First HORRIBLE JSF tutorial with NetBeans 6.1

I thought since I have been trained in some JSP and servlets and there's so much hype and buzz about JEE 5, Glassfish server... JSF ... why not try them out and so, I used my 'trusty' NetBeans 6.1. I use Netbeans because I was introduced to Netbeans during my courses and Netbeans is Sun supported so ... what better to use than something that is endorsed and supported by Sun (maker of Java).

I browsed the Netbeans website and found a simple HelloWeb web apps tutorial for the JSF. The link to the tutorial is http://www.netbeans.org/kb/60/web/helloweb.html .

I set up my web apps according to what is said and set my server to Glassfish V2 since I wanted to try out Glassfish for the first time (I had to manually point Netbeans to the Glassfish folder since Tomcat is set as default server) and I selected JEE 5 since I have not used JEE 5 but J2EE 1.4 during my courses.

The first half of the HelloWeb went fine and I managed to create the specified app where you key in your name and it echoes back.

The second half needs a Java DB/ Apache Derby database installed together with NetBeans package using the PERSON table in the TRAVEL database.

I managed most parts until when I hit the portion where the database is needed. I tried to connect to the TRAVEL database to view the database tables as they specified. I right click > Connect ... and guess what ?

ERROR ! Unable to Connect ! Cannot establish a connection to .... using org.apache.derby.jdbc.ClientDriver (DERBY SQL error: SQLCODE: -1, SQLSTATE: XJ040, SQLERRMC: Failed to start database 'travel', see the next exception for details.::SQLSTATE: XSLANDatabase at C:\...\.netbeans-derby\travel has an incompatible format with the current version of the software. The database was created by or upgraded by version 10.2.).

I thought... oh no ... of all moments.. why now. I have been able to connect to databases using NetBeans 6.1 and I can even connect to my favourite database system, the H2 database.

I thought to myself.. fine... why don't I look into other databases for use in this tutorial and of all things none of them worked !!!

I thought maybe since I can use H2 and I am getting more familiar with H2, why not use it to create a mock up TRAVEL database with just one table... called PERSON since that's the only table to be used and in the PERSON table, make a PERSONID and NAME field rather than the rest of the fields since the fields needed for this tutorial is simply the NAME field. I made it, got NetBeans to connect (I need to specify the schema manually too) , and I am done . I created and populated the database before getting NetBeans to connect just in case anything breaks. I can view the data I populated it with but when linking the PERSON table to the drop down list in the part 2, it didn't automatically or even show the names of users in the visual web editor as was said in the tutorial and when I tried to bind the drop down list to the database , there wasn't any values of the fields for me to select which field to bind.

I tried to create a Java DB / Derby database by using the database tools in NetBeans ... all those right click , create connection ..tables... the list of databases did not show the database I made at all !

EVERYTHING IS FALLING APART !

Like many NetBeans tutorials I have attempted... it's always vague and leaves you to guess things.

I gave up on this JSF tutorial and just blog what happened here.

Firstly, why in the world are there such compatibility issues with Derby? From the start, I don't like Derby because it just doesn't run right out of the box and you need to tweak things here and there.. use consoles... no out of the box GUI console to set up for you like what H2 and MySQL provide. Now, Derby just dropped lower in my eyes after this incident. Why of all things is there a compatibility issue I have to handle and not handled by the system? H2 and MySQL, for what I know by using them, didn't give me such stupid compatibility issues.

And one thing... why would the drop down list not recognize my H2 database's TRAVEL database ? The errors aren't even H2 database but most point towards some internal error and things inside screwing up ! Why would a database created using NetBeans provided tools not be displayed in the side bar after I tried to create a Derby database to use in the tutorial ?

NetBeans and Derby developers, if you are reading this, do look into the matters.

Just a word for Derby developers... if you want to truly make your database better ... make it feel 'warm and friendly' like what H2 did. At least have some GUI so people wouldn't be lost especially during setup.

Saturday, June 14, 2008

aTunes, 1.9.0 Mistral

aTunes is a Java based music player and music manager. It can be used cross-platform as long as you can run Java. It can even perform audio CD ripping with its utilities. Currently, aTunes supports formats like mp3, ogg, wav, wma, flac, mp4, ape, mpc, mac, radio streaming and podcasts.

aTunes makes use of MPlayer as its music engine to play the sound required.

Its frontend GUI is superb and well designed using Java's Swing GUI and some other open source packages to extend the capabilities of Swing GUI. There are 26 native skins within aTunes to select for your own preference. That's quite a lot of skins provided by default.

Like other modern commercial music players, aTunes can fetch lyrics , artist information, song information and any other similar songs... and the twist is... this aTunes is open source and completely freeware and allows the user to freely copy and distribute as they wish and even make modifications to the source codes if the user knows how to program(GNU GPL version 2 license).

aTunes has a left and right side panel which display useful information about the songs or podcast or anything it is playing or doing. The left panel shows you the songs you have in your repository which you can select to be displayed according to the artist, the albums, the genres of music or simply .. to display a view of the folders. If you think that the side panels are too much of a clutter, which I feel they are since I prefer simplicity, you can simply hide the side panels with a click of their respective buttons and they would hide neatly and what is left is a clean table containing the list of songs without the clutter of too much information.

I doubt if Apple's iTunes or Window Music Player do give you so much flexibility in choice. aTunes is pro - choices where it gives power in the user's hand. All the user needs is to know how to tweak it and select the configuration they want to be displayed.

In aTunes, if you want a new playlist, you simply click on the playlist button and select the New Playlist, rename it to what you like, go to your repository and start dragging songs to populate the playlist or maybe, you may consider going directly to the files containing the songs or your music folder and you can start doing drag and drops of the songs to be played.

The only few bad things I can think of about aTunes are that it still isn't ready to allow plugins to be scripted and loaded and the other is that sometimes if you are running heavy memory intensive stuff, your music that you are playing may have a bit of jerkiness to it. Hopefully in the near future, the memory footprint for aTunes, which uses 29 MB of RAM.

Other than all the few negative points, aTunes has a good user base, which exceeds 268000 downloads from the point of inception of the aTunes project in 2006. The ease of usability in aTunes is very good. If you can use any music player, you can use aTunes. The cross platform advantage because it is made using the Java programming language is a plus so you can use it on your Mac OS X, Linux, Windows... as long as you have an up to date Java Virtual Machine.

To download the latest version of aTunes codenamed Mistral, use the URL:
https://sourceforge.net/project/showfiles.php?group_id=161929&package_id=182599&release_id=606416

To visit the aTunes project page: https://sourceforge.net/projects/atunes/

To visit the aTunes homepage: http://www.atunes.org/

Wednesday, May 21, 2008

Emailing on Blackberry phones is insecure

Read: http://economictimes.indiatimes.com/Telecom/Govt_may_get_keys_to_your_BlackBerry_mailbox_soon/articleshow/3041313.cms

Blackberry phones allow users to email but the flip side is, your content isn't going to be very secure. From the above article, the Indian Government has managed to force RIM, who develops the Blackberry phones, to spit out the encryption keys for emails. RIM claims that they would only give non-corporate keys... who knows, they might have given more and the Indian Government may have asked for more.. but we don't know... and there's always this possibility.

Non-commercial dialogues may hold personal private details or some non-corporate secrets... so this is no less than breaching of privacy by the Indian Government and very evidently, RIM, in order to secure their business in India, succumbed to such actions of breaching privacy and trust.

I doubt I would even trust Blackberry and from the very start, the architecture of how Blackberry treats and handles emails is already insecure..because users' emails have to pass through Blackberry servers and who knows what these servers might be doing...

In short, Blackberry is created but with much suspicion around it.

Tuesday, May 20, 2008

Softwares that people would want to use...

Read: http://tech.slashdot.org/tech/08/05/20/1511205.shtml

What people hate:
  • Bloated
  • Too much hassle to install/use
  • Unstable
  • Malware/Spyware/Virus
  • Security loopholes that are known but ignored
  • Too many messages and notifications (too noisy)
  • Does things behind the user's back (secretly install stuff or obtain consent in a way users are not fully aware)
  • Softwares that don't do what they are supposed to do and add some extras or lack of what they are supposed to do
  • ...etc ...

A comment about Sun's installation/update for Java... please do what you are supposed to do and don't do extra things like trying to get users to install Yahoo toolbar and Google toolbar and advertise this and that... you are supposed to create an update/installer ... not an advertising platform. Many users installing Java are normal users and are not attentive enough to read so they mostly click Yes / Accept / Ok ... only the more geek-like (like me) would bother to read and spot that the Yahoo/Google toolbar are set by default to be installed (trying to trick unknowing users to install) and we have to unclick the checkbox to not allow it to be installed.

Installing is about consenting to add stuff in the user's system and is based on mutual trust. If Sun were to continue its underhanded ways, I think the user trust would wane and maybe the coming IcedTea JDK without such nonsense would be people's choice, not Sun Java ... or even more serious, people might forgo Java and refuse to accept it. It's sad for me, a Java programmer, to see Sun Java rated as one of the most annoying software installations/updates because of the misconduct and misuse of trust of Sun Java.

Below is a list of what I think users want their software to be:
  • Do what it is supposed to do best and nothing else... unless stated
  • Free from spyware/malware/virus...all those shit that plague PCs
  • Small and light weight... this is the age of portability... not some big bloatware
  • Use as little resource and necessary resource as possible
  • Robust and resilient to most faults and errors
  • As little jamming or crashing
  • Developed with security in mind
  • Scalable / Plugin / Extendable
  • Files and Folders are organized cleanly and not thrown all over the file system
  • Automated with consent and knowledge of the user without too much technical details or spamming the user with too much notification
  • Simple, Simple, Simple !!! Complex stuff is the thing of the past.. even for geeks, they would rather take simplicity than complexity !!!
  • NO BACKDOORS !!!
  • ...etc...

The list of what users expect of the software they use is ongoing and long and each user has their own perspective.

Sunday, May 18, 2008

OLPC... changed course of direction

Read: http://www.msnbc.msn.com/id/24665263/
http://mobile.slashdot.org/mobile/08/04/22/1421204.shtml

OLPC, how angelic and inspiring its start was, has ended up misled...

Simply, the previous and current versions of OLPC allow you to look at the running codes of the applications and processes that are running in the XO laptops, but imagine what happens if you add in Windows? You wouldn't get the functionality of looking at the workings and learning from the workings and discovery.

XO laptops are about tinkering and finding out how to solve a problem... but with Windows, your options are limited since Windows has always been a restrictive and limiting OS to work with. I doubt how educational it is. When Negroponte tried to sell Linux empowered laptops and was put down by the education ministers, he might have thought that adding Windows would add a bit of 'lustre' to his products since Linux has always been thought of as some free low grade ugly beast and Windows... at least it could make it through since you don't use as many command prompts as Linux (no insults meant to Linux users in any way).

It seems Negroponte is trying to stay alive in his ... badly planned business enterprise (not education).

The dreams of education are over... for OLPC enthusiasts ... many of the top OLPC members have already either resigned or walked away ... the 'virtue' has been spent.

I once thought rather highly of OLPC using Linux, but now, it's over.

Anyway, if you want to help those poor and undeveloped nations, a sudden introduction of a laptop to every kid is NEVER THE RIGHT THING TO DO. It is causing a cultural shock !!! I doubt Negroponte has considered the mental impacts a forceful and sudden introduction of these products into the lives of these kids might have... we do not know what happened to the kids mentally... and it needs some research.

I think all these poor kids need are basically just proper schools, chairs, tables and utilities... not overly high tech laptops. The basic stuff is always the best to start first.


Friday, May 16, 2008

Derby database in applications and why I don't like it

I have tried using some applications that use Derby as the backend (I wouldn't want to pinpoint the products) and when the product is started, it takes a very very very long time for the Derby to initialize (because one particular product has a tool tip when you mouse over to tell you the status). It took nearly more than 2 minutes to initialize. On the other hand, I have made a couple of applications using H2 database as backend. I didn't use the latest H2 and it's those around version 1.0.65 for H2. The speed difference was so different. It quickly started and the apps took only less than 2 minutes or even 1 minute and below.

Just a side note, H2's jar file contains: SSL Server , TCP Server , Postgres Server (to allow Postgres protocol) , command prompt shell , Web base console , database engine , JDBC and allow both client-server and embedded mode.

I doubt if Derby's jar file even have an interactive console like H2's or have the array of tools packed in like H2's.

When I first used Derby, I had no idea how to start it or even run it. It's so unfriendly and you need to hit in chunks of commands into your OS's command console/prompt. For H2, all I need is to click on the H2 jar file and it would add a small task bar icon in my OS and pop up a web page with a friendly console GUI. The web console comes with some GUI goodies like auto fill in forms ...etc... It's so much more presentable and easier to use than Derby. When I use H2, the first thing I felt was me being impressed by how well it presented and how simple... all in the click of a jar file and web based GUI consoles come to your aid. If I need another session, I just go to the task bar, click on the H2 icon and another session is there. If I want to terminate the database, I just exit the icon.

Overall, the minute I use H2, I am not so badly lost as with Derby. For the Derby team... if you want to be any better than H2, first start from redoing your appearance and usability.

Another thing, imagine your applications with a backend have some SQL problem and you need to debug it in the deployment machine but you don't have any other tools except the jar files. For H2, you just need to click the jar files, key in the connection path, username and password and you can start debugging, restoring any corrupted databases, backup (hot and cold) ...etc... no complications. Derby ... up till now, I tried to get into the Derby database of the applications containing Derby which I refused to pinpoint earlier... and I still haven't got an idea how to access its database. Maybe I am a noob in using Derby. From this scenario, if you are a developer or maintenance officer, I think you are more likely to choose to maintain H2.

So from here, H2 wins hands down not only on the usability and ease of use and being more hassle free than Derby, H2 won because it has lots of tools equipped inside its smaller than 2 MB jar file. Can Derby do it? Yes ... but are they moving towards it and effectively be seen as equals to H2 in my view? No.

Derby developers, you have lots of usability issues.

H2 developer(s) and its chief, Thomas Mueller, well done ... continue on the good work ! :D

After the good first time experiences from H2 , I have rather become a fan of H2 because of the good impressions.

Laptop checks in border crossing

Read: http://www.schneier.com/blog/archives/2008/05/crossing_border.html

Well, USA was once famed for its liberty but its liberty and freedom is all spent and squandered and the trust has been all used up. Indeed this is what they call liberty and freedom... hmmm....

This age, there is and already is absolutely NO LIBERTY OR FREEDOM. A dream of liberty and freedom is as good as a wasted dream or else, you really have to fight an upwards stream and bring about a revolution of culture to bring back liberty and freedom and to secure the hearts and trust of people.

Anyway, back to topic, it looks like those customs officials would make it a headache for you when you cross into their borders with electronics. This is not confined to just the USA and Britain, this is true to most of the countries these days when they are so paranoid about the content you bring in inside your electronic device.

Encryption wouldn't work anymore since they would give you a bad day, 'torture' or literally torture you until you decrypt your stuff and surrender your passwords and contents.

As Schneier said, it's best that the data or information is not there and not available on the machine. So get yourself some data shredding tool like AxCrypt or other cryptographic software that can safely shred your files to leave no trace for recovery. If something's not existing, then no one knows... the safest bet.

I thought of another way to allow you to use a computer without bringing in any machines. Get yourself a Linux LiveCD (this works for Linux users) and that's all you need. Find a computer and boot from the Live CD (don't install it !) and just use the Live CD to connect back to your company's VPN (make sure the VPN has SSL protection) and you can start accessing your company stuff.

Another way is not to bring anything and don't do anything... that's the best thing there is...

Friday, May 9, 2008

Dangerous SP3 for Win XP

Read:
I doubt if those Microsoft developers properly checked SP 3 before releasing it. Imagine if the user is using Win XP Professional for mission critical stuff ... I doubt they would like what happens. I guess those developers are sleeping on their jobs again?

I think Microsoft products are getting worse down the line since all they care about is to gain more $$$$$ and more people using their stuff... so all they care about is to rush and push out something rather than making their software products robust enough to handle daily 'wear and tear'.

Maybe it's really time to consider using Linux ... but the desktop for Linux needs lots of improvement. If Linux desktop were to improve a bit more for the dummies and noobs to use, then I would consider moving all my stuff to Linux without a second thought.

I don't like the XP I am using since it's slow, jams frequently and easily crashes (done that on many occasions) but I don't like the desktop and usability of Linux either. I expect more from Linux.

Bit Torrent improvement suggestions

Since the so called righteous authorities like to go around tearing down what they consider as bad... I think drastic measures of defense are needed to defend.

TorrentSpy has been demolished because of a court order from MPAA.

Read: http://news.bbc.co.uk/2/hi/technology/7389485.stm

What Bit Torrent could have done is to add a technology that would allow clients to become mini trackers too. So if the supposed 'Justice people' want to take the trackers down, they have to kill off all the clients ... which means no BT.

Humans have really corrupted and made the world a bad place to live.

Sunday, May 4, 2008

XMLDB Intro

I was looking through many databases (pgsql , oracle , mysql , derby , h2 / hsql ) and I have not noticed any database that stores their data in an XML format. I thought maybe there should be a database that stores data into XML files as the default database files so that the benefits of XML can be exploited.

By using XML as database files, the benefits of XML that can impart to such XML database files are:
  • easy for porting and development
  • vendor , programming/scripting platform and OS neutral
  • easy to read literally
  • can be easily extended and scalable

For now, I have created a basic skeleton of the XML database file format (.xmldb) and it is made in a way that it can be extended and each portion of the XML does what it is supposed to do.

The main rationale of thinking of the XMLDB is simply because the very fact that every database use their own file format and it would be difficult for databases to share database files when necessary and when developers need to write some programs between databases, they need to know the format. XMLDB would be so versatile and easily extendable.

Just imagine XMLDB as a CSV database file but in a more complex , more defined and more structured version.

I am not sure if someone already have or implemented this idea exactly or very similarly to my idea. If there is, my ideas came not from reading your ideas but my ideas just came... so I am not copying anyone but just plain coincidence.

I hope that XMLDB could be adopted and used in many databases like how H2 database is able to not only handle its own file format but also CSV format and maybe XMLDB may even make it into being a stable client-server, cluster and embedded database?

I don't wish to patent or license this XMLDB if no patent or license ever existed and if someone, having read and decided to adopt this XMLDB as their patent and/or license themselves or for someone, then may the person's patent or license fail to be approved (this is a literal curse) and if they did it in the name of business, then their business (All) would fail badly and bring them to their knees. If a patent or license already existed before, then there's nothing I can do.

Just to clarify, XMLDB is about the file format and the engine format. I would specify more about the specs of the file format and engine format for those who wish to implement and modify it.

Friday, May 2, 2008

Dynamic Extendable SQL

I was coding some software that involves a need for a database as a backend and I was wondering how troublesome it is to always need to edit the SQL codes if the database developers decide to change the SQL commands in an upgraded version for some reason or maybe, what if I need to change to another database and their SQL commands have some differences?

I thought that one of the most important things for a software that requires or relies heavily on a database is to be flexible enough to fit into and accommodate different databases. For example, you developed a software that uses MySQL database and for some reason, a customer wants it to work on their pgsql (PostgreSQL) or maybe on a Java DB/Derby or an H2 database, you have to re-code your database access classes to handle the changes and maybe H2 or Derby or MySQL's commands for backing up using custom SQL commands are different. For MySQL, you use a database dump, for H2, it comes with a command called 'Backup to xxx' to do a backup using custom SQL, I am not sure what Derby uses for Backup since I have not used Derby.

I would like to propose the use of some sort of dynamic method where you store your SQL commands for the functions in some XML or text files and when the function needs to be changed, all you need to do is rewrite the SQL command in the file and you are off going again. It should be able to handle SQL injections by means of using prepared statements or some specially made statements that can handle SQL injections.

With such dynamic capabilities, you can even extend and be able to add in new commands for SQL too if needed.

So now if your customer needs your software to work on some other database, you can just change the SQL codes to those that are needed and the database connection specs , password and username to the database, could be kept on some sort of secured file somewhere so that your database connections and specs and SQL can be mobile and dynamic... always ready to change and take on new challenges that it might face in future.

Such dynamic power and extendability should give your software an edge over the others.

Tuesday, April 29, 2008

Another reason to avoid Microsoft Windows

Read:

In short, Microsoft created a thumbdrive device for law enforcement agents to use to gain access to Windows on machines while bypassing Windows securities.

Firstly, it's a total violation of trust in Microsoft products because such downright dirty things can be done by Microsoft, and not just this time but many times. It also violates human rights and the right to protect personal data. So any law enforcement or anyone with that wild card, even Microsoft themselves, can go round without trouble getting past Windows defenses... and look at people's stuff.

Imagine what happens if one of these wild cards slipped away or got stolen, then cracked and made into some distributed software; attackers would have another victory card in their hand.

What happens if countries' and governments' computers running Windows get hacked because of this wild card? Imagine someone getting hold of a lost government laptop running Windows, or maybe gaining entry into some government compound secretly or through trickery, and managing to plug one of these wild cards in and copy secret and highly confidential data? What happens if this happened to some country's defense department running Windows and this wild card somehow found its way to a disgruntled employee, or someone managed to intrude into the building and gained illegal access to defense materials?

There are many possibilities of anything that can go wrong with this wild card and the above is but a few.

What happens if foreign spies and espionage agents use the wild card to intrude into some other governments? It may trigger some war or political disaster?

What happens if the content of this wild card is made into a software and can be used on remote login systems or some virtualized machines allowing remote access?

So from the above, any government agencies, civilians or companies should not use Microsoft Windows if they fear for their data confidentiality, integrity and safety.

What a lowly thing Microsoft really could do by creating such lowly products.

I think people should by now have seen so much of the ugly side of Microsoft !

What a shame !

What a low life !

Monday, April 28, 2008

What Linux GUI should do for the dummy

Linux desktop's GUI has been improving tremendously but it has some weak spots.

Read: http://contentconsumer.wordpress.com/2008/04/27/is-ubuntu-useable-enough-for-my-girlfriend/

The GUI , especially for desktop versions, should be created with user in mind ... not just for a user who knows Linux in mind, but also for a complete dummy who just migrated over from Windows. By doing so, it would allow the dummy user to easily navigate and use the Linux desktop with as little trouble as possible.

I think most users do not really expect heavy special effects like what Mac and Windows Vista try to present. Linux could still stick to its simplistic and clear UI with not much special effects, but also bring comfort and ease of understanding and use.

If I were to choose between special effects and comfort, I would rather take comfort.

I too had my fair share of troubles while using Linux (Fedora 8) because the desktop is made in a way that expects the user to have a bit of Linux experience and skills. Over time, I picked up some basic Linux skills and I am off... but thinking back to the days when I just started using Linux (Fedora Core 4... I guess... I have forgotten the version), although the desktop was rather usable, I was lost to a certain degree too.

Comparing past Linux GUI to current Linux GUI, it has gotten better... but it should have gotten far better if it did some UAT (User Acceptance Testing) with some noobs before releasing. I guess Mac and Win might have done some UAT privately before releasing theirs ?

This comment about GUI doesn't just apply for Linux, it applies for all software development. Ensure that your software, if developed for the general public, are made simple so dummies and noobs wouldn't complain much or give an excuse of not using... and ensure that you have got a couple of UAT done before making any Alpha , Beta , Preview , Stable ...etc.. releases.

Tuesday, April 22, 2008

Good BotNet vs Bad BotNet ?

Read: http://technology.newscientist.com/article/dn13753-to-defeat-a-malicious-botnet-build-a-friendly-one.html

It's a rather stupid thing to say this thing is good and that thing is bad. This is a good BotNet to counter and protect and shield, and that is an evil BotNet to manipulate, spam, DDoS ...etc. The notion of good and evil is the weakness of the human mind, which likes to create conceptions for the brain to try and understand and comprehend the incomprehensible...

A blade, like a BotNet, is neither good nor evil. It depends on how you use the blade, and a blade used for good can be corrupted for bad. You can use a blade to cut up your veg and meat for preparing your meals, but the blade can be used to stab you and injure you.

The good BotNet is just simply some BotNet, the same as the evil BotNet, used for a different purpose, and things can be corrupted easily.

What happens if the evil BotNet could hack into and take over the good BotNet? It would exponentially boost the strength of the supposed evil, and the hacker may allow the good BotNet to act as if it were listening to orders while underneath, getting the corrupted BotNet to do nasty stuff like introducing viruses, trojans, DDoS ...etc ...

BotNets are simply just softwares made for distributed network environment and nothing else.... the use of it... even if the BotNet is equipped with tools for hacking , spamming and DDoS, can be used for good purposes like diagnostics in real time testing ...etc.

The concept of duality (good and evil) is just the limited perception of the nature and working of the world. Things are simply as they are... neither good nor evil... What is really good or evil is the perception of the individual and its use and notions...

Monday, April 21, 2008

Biofuel

Biofuel is a potential solution to the world's oil crisis, with prices for a barrel of oil shooting skywards and increasing, with very few decreases in oil prices in the record of oil price history for modern civilisation. The monopoly of oil is a particularly lucrative business where you can squeeze pockets dry... especially making poor people poorer since oil is needed for many things in daily needs like vehicles, power plants ...etc. I personally see the monopoly and misuse of the power of monopoly of oil and its prices as a form of tyranny... but anyway, back to the main topic on biofuel.

Biofuel is cleaner than conventional fuel as everyone knows. But the negative side of biofuel is undeniable and not excusable too.

More lands have been cleared to plant crops for biofuel and crops yielded have been focused on making biofuel, rather than on feeding the world's hungry population ... thus similar to conventional fuel, as bad as always.

The current food crisis is because of the diversion of huge amount of crops and lands to the creation of plant based biofuel. Imagine the amount of trees you have to cut down just for something clean ?

The equation doesn't add up !

If you really want to be green, then why do you need to destroy trees and habitats of the wild just for biofuel ? Why ?

By giving up huge pieces of nature just to produce biofuel, it's no better than felling more timber and producing more greenhouse gases, and the cutting down of trees which could be used to convert greenhouse gases!

Look at the current food crisis... people are taking such a chance to jack up their food prices drastically. What a pathetic bunch of species called humans... always living such a low life !

Governments should have rules and controls passed to regulate the crops used for biofuel and the crops for exporting and feeding the people. Fair rules have to be passed, research has to be done, to right the wrongs that hurt the innocent. If governments do not quickly regulate crops used for biofuel and know the limits, then situations of hunger and misuse of opportunities to jack up food prices would keep increasing... thus degrading a country.

In essence, know how much to use for biofuel and keep ample enough for export and feeding the people... Balance, Balance , Balance. Look at the cause and effects before doing !

The Earth would not die ... it's the humans and species living on the surface of the earth and many organic life that would die. Earth has always cleansed itself whenever its surface is too polluted... but by cleansing itself, many organisms are doomed to die... including humans.

Saturday, April 19, 2008

Oklahoma Data Leak

Read article: http://thedailywtf.com/Articles/Oklahoma-Leaks-Tens-of-Thousands-of-Social-Security-Numbers,-Other-Sensitive-Data.aspx

I think such simple and stupid mistakes should never have occurred in government agencies. What happened to the testing dept for testing all this code and these sites? Sleeping on the job? Well, now the databases associated with these events are truly doubtful and corrupted, because who knows, someone might have made some changes to the databases quietly? I was wondering if someone did a drop database statement to delete a database or a couple of or all databases, or did some insert, alter table or update table to insert/update/alter the data in the tables and databases; they deserve it, since why are they so silly as to allow literal SQL statement parsing? That method of attack is called the SQL injection method.

Hmm... it seems the databases now are not very reliable since anyone could have corrupted the data unnoticed...

Friday, April 11, 2008

High Availability Automated Peers concept for BT

If BitTorrent (BT) requires someone to upload/seed by specification, either manually or by schedule, it is still manual work by humans. If there is some item available with no active seeding because of the different time zones of the requester and possible seeders, it would be as good as nothing.

I think the High Availability Automated Peers (HAAP) which I recently just thought of may help lighten the work. I am not sure if this concept is already available but this is what I thought of personally. HAAP would require an automated bot BT client programmed to randomly download, or download certain or common BTs and data, and this bot client would go around doing it nearly 24/7 if the owner of the bot client allows. The bot would automatically download and thus would have either a pool of random or controlled items. See these bot clients as mini servers that are spread out across the world, switched on nearly 24/7 and, randomly or according to the owner's orders, downloading items and then uploading / seeding them. In this way, you would have some sort of highly available BTs on these server-like bot clients, and if there are no humans seeding, these bot clients are there for you to leech from if they have the items you want. Plus, if there are more bot clients, it's also lightening the load of uploads across the board and it would be as good as extra help.

This is just my personal concept I thought of.

Sunday, April 6, 2008

Microsoft in despo mode...

As everyone knows, Microsoft has forced Yahoo to re-consider its choice of offering itself up for Microsoft to eat. Microsoft has warned Yahoo that within 3 weeks, if there is no agreement, Microsoft would go directly to the Yahoo shareholders to buy their shares. By doing so, Microsoft is pushing Yahoo to the edge of a cliff. If Yahoo doesn't agree, Microsoft goes to the shareholders and grabs their shares, and when Microsoft has enough shares in hand, Microsoft could take over Yahoo outright; if Yahoo bends to Microsoft's will, Yahoo would be eaten up by Microsoft. Both ways, Yahoo could not escape.

The most underhanded thing Microsoft has done to Yahoo is to buy the shares from shareholders, and it's one of the WORST I HAVE EVER SEEN MICROSOFT DOING !!!

It seems Microsoft has not learnt its lessons from the numerous anti-trust suits by the EU and other organisations and individuals against it. I think more anti-trust suits should be slapped on Microsoft with heavier punishments.

I would imagine that sooner or later, there would be some groups of people boycotting Microsoft for its most recent underhanded ways against Yahoo.

It's not that Microsoft have no rights to acquire Yahoo, but by using underhanded and forcefully brutal ways to acquire, pushing Yahoo to the edge of a cliff... is the WORST I HAVE EVER SEEN !!!!

Microsoft is really in MODE=DESPO FOR POWER

Wednesday, April 2, 2008

Some bloated softwares

Definition of a bloated software: A software that uses too much resource and too much memory and is an overkill. Very little of the original software is used.

I personally don't like bloated software because I have experienced the negative effects of bloated software... lag, consuming too much memory and resources... very few functions are of frequent use.

Some bloated softwares are:
  • Windows OS ...yes... the infamously long boot up time and the frequent lags and crashes and quick using up of memory spaces. If you open the Windows Task Manager and check the amount of processes and memory taken up. We somehow still have to use Windows base products since most applications are built for Windows although other OS flavours like Linux , Solaris , Mac , BSD ... are available.
  • Windows based products
    • Internet Explorer (IE) - I have no idea why this is the slowest and most bulky of all browsers.
    • Live Messenger / Windows Messenger - Takes very, very long to connect and load, and I notice every time it loads, the graphics would lag, screens would show white areas ... some applications would hang ...etc. Pidgin and other messengers aren't like this... they are fast and don't hang applications frequently or cause the screen to appear weird.
    • MS Office based - long load time, takes a significant amount of main memory ... some may lag or hang.
  • Adobe
    • Photoshop - weird white space ... bad graphics load up ...but not too bad after that. Takes a bit too much resource though but hey, this is graphics rendering so good graphics... means trade off of some more resources right ?
Just to name a few as of above... but it seems things made by Windows are bloated.

Friday, March 28, 2008

Building chat protocols with security and privacy in mind

Many creators of chat programs just sit down and write the chat protocols without considering much of the security and privacy protocols to be implemented within their chat protocols. MSN, Yahoo Messenger ... they are not really designed to handle security and privacy of messages.

A solution is to simply create a protocol from the very start, to handle privacy and security like encryption of messages , in the native protocol itself, and also leaving space for the expansion of future encryption protocols and security protocols in the chat protocols.

In all software and protocols, we MUST always consider security and privacy while designing software and protocols, while the Information Technology age is filled with uncertainty... hackings... malware, sniffing of network packets... etc.

Another way to implement security and privacy of the current protocols (including those not designed to handle security and privacy), is to create a software where you can allow it to sit on selected ports (according to which chat protocols you are using), with a friendly GUI interface with full user controls over the actions of this software without any backdoors or hacks and what this software does is to receive packets sending out of the network ports and encrypt the packets and on the receiving end, receive the packets and check if it's encrypted. If the packet is encrypted, it would decrypt it according to what kind of encryption is used.

In simple terms, a software would sit on the required ports with the user's full permission to intercept packets the user is sending out and encrypt it if the order is given and to decrypt received encrypted packets, all done without any hassle and trustworthy to the users without betraying the user.

After all, the best way is to create a protocol with security and privacy in mind from the beginning so that it would be more secure.

Monday, March 17, 2008

Next Big Thing in Database technology

This is my personal opinion of what might be the next big thing in database technology.

When you insert your data into the database files, the data files of the database are plain and clear... simply, clear text. It's not protected by anything.

How do you secure your database files then? Simple... just encrypt them. What happens if you need to do a JDBC or ODBC call to your database and the data flowing through the channel(s) is sensitive? You could encrypt the data. One of the encryption technologies you can use to encrypt your JDBC or ODBC is SSL.

In simple terms, the next big thing in database technology is higher security and protection for your database and JDBC / ODBC connections. I think the reason for such a growth in encrypted channels is the insecurity of the network and the Web. We are constantly under surveillance not just by government agencies, but also by hackers and malicious users. These entities would be more than happy to gain quick access into your database and look at your things, and for hackers... they would make a bad mess or harvest the data in your database.

I am a member of a couple of forums, and two of the few forums I am a member of have been hacked. One of the forums had its database data harvested. Personal information could be leaked... like private email addresses and passwords. We could change the forum membership passwords when the forum is restored. Most of us use a small number of passwords or even just one password for emails, forum access ...etc. The hackers may have guessed it and use the forum membership password to hack into and try to access your emails and other accounts related to you.

You could spend your time coding the codes to tunnel JDBC / ODBC connection through SSL or you could have your work done by the database (which means the creators of the database have already done that for you). You may want to encrypt every byte before loading them into the database or you could have the database engine do that for you.

The H2 database system does just that. The H2 JDBC connector allows users to tunnel JDBC through SSL by specifying it in the JDBC connection, and it's just that simple. You do not need to code the tunneling yourself. The H2 database system also allows an option for the user to select whether to encrypt their database or not. H2 supports the AES and XTEA encryption algorithms for database file level encryption. Like the JDBC/ODBC SSL, all you need is to specify it in the JDBC connection and leave the database to do the rest for you.

H2 database system: http://www.h2database.com/html/frame.html

The future of database systems could be more about the emphasis of security and privacy.

Monday, March 10, 2008

A possible way to protect disk encryption...

By now, many would have known that disk encryption is getting vulnerable because of the weakness of the designs of disk encryption where the encryption key is stored in the RAM. Rather than storing encryption keys, it would be useful if future software disk encryption designs would prompt the user for the keys or passwords rather than storing them. When lock screen or hibernation or sleep mode is engaged, the key could be wiped out of RAM so the next time the user wakes up the system, the user would need to key in the password or key again. When the computer is shut down, the key can be wiped off after encryption of the data. To take it to another step of security, rather than just wiping off, replacing the data with fake random data or turning the data into blanks or unused segments or sectors would be rather useful. The only ways left for the user to lose their data, other than brute-force attacks on logins or crypto-attacks, are for the user to be careless, either spilling it out or leaving the computer unlocked while away.

There may be other ways to improve disk encryption. But this is the best I can come up with for now.

Maybe, another way is not to apply a full disk encryption ... rather a file encryption.. so the only way to open the file is for you to authenticate it in some ways.

Dynamic Server

As many IT people may know, many servers need to run on a static IP address. What if you do not have the money to get a domain or you don't wish to or if you are just setting it up at home for home use for your server applications or if you are a bit more ambitious to allow both home and public use ? How can a server be created so that not only could you put it into a normal home network (usually home network are on DHCP) ?

I have thought about this problem and I have come up with a theory to solve it. Since your server app is residing on a DHCP based network and it's not possible or out of your technical knowledge reach (for non-geeks) to have a static IP, your server app can use bit torrent technology to help you out.

Simply, your server app should be able to detect a change of your server's IP address, and it would quickly grab its new IP address and somehow format it and load it as a torrent and publish it, and also send the new IP address in a message to clients that are still connected. You may want to create a bit torrent similar structure. When your clients notice that the IP address of the server has changed, they may want to access a certain torrent or bit torrent like structure for the new IP address. Why use a bit torrent like structure? Because of the ability of bit torrent to publish and spread data quickly. It's best to make use of the bit torrent currently available rather than your own structures because bit torrent is so widely available and well known, thus making availability not an issue. You can just seed your data and it would be published.

If you have an array of mirrors for your server apps , the array of IP address can be released within the torrent and thus making availability not an issue.

An example: if by some means such a theory were to be incorporated into webpages, and if the main Wikileaks goes offline and Wikileaks publishes in a torrent the range of IP addresses of other servers, it would become very available.

If you have a server apps on your laptop and you are always on the road, people can easily connect to your mobile laptop via the above theory easily... as long as your laptop is powered up and your server apps is online.

I hope some great minds with a sense of liberty and security would fulfil this theory and make it possible and open source and allow full and unhindered access without bias or discrimination so that it can benefit anyone and everyone.

Maybe, who knows, one day the internet may be truly mobile, where your webpages are stored on your laptops and are mirrored to your desktops and other users' desktops, allowing access without the need of a static server. The only thing left to be concerned about is security, because if you store data on someone else's desktop as mirrors of your actual stuff, someone might play with your contents.

The future of the Web would be P2P with wings rather than static servers...

Friday, March 7, 2008

Unmanned Space Droids

Read:

http://www.msnbc.msn.com/id/23512686/


The alternative would be unmanned humanoid droids with small booster engines and robust communication systems and fault tolerant systems. By the standards of current chip and processor technology and huge improvements to robotics technology, I don't see why it would be hard to make a couple or an army of unmanned humanoid droids for space as repair crews, pilots and recon units. The Japanese managed to create child size robots with a good amount of intelligence and even the capability for robots to learn. If the technology were to be used for these space droids, missions would be less risky, and if you lose a robot ... it would be less painful than losing a living human, and robots can be far more tolerant and longer lasting than humans. You don't need the robots to have very, very good leg walking skills, which many robots still lack ... all you need is small thrusters on the robots to move them around. If they need 'food', they can just be plugged in and recharged, or they may be able to carry a mini solar panel array so they can continue their work for a longer period of time. Like unmanned UAVs, all they need is a ground control station or a couple of stations and a backup system that are fault tolerant. If staff on the ground want to inspect and repair, they just need to remotely control the robot from Earth to carry out missions directly, or crews from the Space Station can use an inbuilt control center too.

I think it all needs 4 years of intensive research and the robots would be fine on their way.

A module for housing the robots and recharging them should be used as a package too.

Virgin and SpaceX can be considered for supplying and transportation. I think it's time for cooperation between government and public sectors to improve space technology instead of any hold backs.

Sci-fi and games are becoming more real as technology advances... but are humans' consciousness and spirituality ready for it ?

If Universal ID were implemented... how should it be implemented ?

Imagine if the world wants to have a universal ID code ... how should you go about making one? My personal approach would be to convert our DNA sequence into some sort of a code. There are 'A', 'C', 'G', 'T' for the DNA sequence. These four letters can be used as they are to generate the code or they may be represented by certain bits or bytes. When the full DNA has been converted into a list of ACGT or bytes or bits, some hash functions can be used to make the code more efficient. DNA is unique in everyone, so if you want a convenient universal ID, a DNA saliva swab, encoding and hashing can be applied (the hashing and encoding should have only one style for ease) and you would get the person's universal ID.

I wouldn't encourage universal ID because it's going to hinder personal privacy and, as you know, data leaks by hacking and bad software or espionage are so common... no data can be guaranteed safety and privacy ... and who knows what people might do to you with your ID known to them... I think universal ID is not a good idea.

This is an abstract thought on how to implement ... but I would discourage anyone trying to use my method above to use it for universal ID.

Disclaimer: If this method is somehow available before the date of publishing of this post, by no ways or means do I know anything. This is a thought that came to my mind rather than referencing someone's ideas.

Wednesday, March 5, 2008

Portrait of the Modern Terrorist as an Idiot

Read:

http://www.schneier.com/essay-174.html


An article written by the famous cryptographer and security expert, Bruce Schneier. I agree with this essay a lot... incompetent terrorist, government and media ... as Schneier puts it. Why didn't anyone take into detailed consideration the thick walled fuel tank and pipelines that have vault on them to stop oxygen and thus explosion? Is someone trying to kick up a usual fuss again?

An example of pettiness in the industry

Read:

http://games.slashdot.org/games/08/03/04/204255.shtml

Although I personally don't approve of MySpace or FaceBook or any networking sites where you put up too much of your personal data online( including birth date , age , gender , personal contacts ... etc) , the main focus is on the electronic Scrabbles game made by two Indian brothers.

It shows that those companies going against just two brothers ... only two brothers .. are willing to pool all the resources ... just to 'kill off' two person. Isn't this really too much ?

I personally feel that those companies should have worked with the two brothers ... to expand the influence of their games... rather than turn on the brothers. Why don't you use these two talents when they are standing right in front of you? If you managed to get the help of these two brothers, you can create better versions of the Scrabulous and maybe a Scrabulous Pro version where some money is needed for some sort of subscription?

It shows how petty these companies are.... these are not the only cases where patents are used so carelessly and without a second thought and so commonly misused... just to squeeze as much money out of the poor victims. If the victims were huge companies deliberately violating and making huge amount of profits for their very own use ... then maybe they need a squeeze... but these are two brothers who wrote the program for free...

Good work for the two brothers... this is the spirit of Free Software. Maybe you might want to seek the help of FSF if you get into any trouble (as long as your software is free and open source ... FSF would help defend you).

I think patent owners should really think twice before they use their patent rights ... because most patent cases.. according to my observation .. are carelessly and most often... misused.

By misusing patents rights, patents become a symbol of control... not freedom .. and thus generate more negative feelings towards it .

Sunday, March 2, 2008

How good is encrypted email?

Read:

http://lifehacker.com/software/encryption/how-to-encrypt-your-email-180878.php

This article teaches you how to setup encryption for the email client called Thunderbird. You can do encryption even for Gmail , Yahoo mail , Hotmail ...etc. You don't need an email client to do so and you can do it in a web-based email situation. All you need is a software to encrypt your message with your private key and generate a public key. Publish the public key somewhere.

Referring to the article's scenario, what Joe could have done to read Sam's email to Jane is to suspect an encryption in the email because of the weird cryptic message. Using a search ... maybe via a search engine like Google or other means of search to retrieve the public key.

With the public key, Joe could use it to decrypt the encrypted message. This is to assume that the public key is found. Another scenario is that Jane publishes her public key by sending Sam her public key in a previous message. If Joe captured the message containing the public key... it's game over. The best way is for Jane to meet Sam personally to give him the public key, or over the phone... but what if Joe somehow manages to eavesdrop on the phone call?

Using Diffie Hellman for creating a shared secret key is going to be troublesome because a few values have to be actively exchanged between Jane and Sam before both get the secret key made.

Anyway , how safe is encrypted email ? Against people who have little will...it's definitely effective... but what if it's up against someone who is so willing to eavesdrop...have the people , have the resources ... have the time to do so ?

Wednesday, February 27, 2008

Vista in Shambles

Read:

http://news.bbc.co.uk/2/hi/technology/7205059.stm


Vista has a very bad track record among all Windows products. Firstly, it had a delayed release date. Secondly, it is bloated and requires lots of resources just to keep it afloat. Thirdly, its SP1 is taking such a long time to release and, according to the BBC link, there have been warnings that SP1 is as unstable as ever and breaks software. Who knows how much more software this SP1 would break?

Service packs, updates and patches are very crucial to any software development of an enterprise scale. No one wants to leave their system unpatched and vulnerable to attackers, with bugs running all over unchecked, causing destruction and trouble. For an enterprise business, an attack on a company's system can cost millions of dollars because of the downtime and the need to repair and fix the system. Investors may also start to lose their confidence and become doubtful of the systems the company uses.

Since Windows is a widely used operating system and Vista has been installed on many computers, many people using Vista would be affected.

From the beginning, Vista started out with a terrible performance... I doubt how well it can go.

Microsoft is already planning for another version of Windows OS to be released. I wonder whether it would also end up like Vista?

Tuesday, February 26, 2008

Fake Shareaza

Read the two following links :

http://yro.slashdot.org/yro/08/02/26/102239.shtml

http://torrentfreak.com/shareaza-imposter-lawyers-threaten-forum-080225/

It seems rather stupid for the owner of the Shareaza domain name to put the domain name into the hands of someone else. In cyber security, you do not trust anyone because anything can happen. Look what happens when you entrust someone with your domain name. They make a fool out of you and turn against you. And the company that spoofs Shareaza is totally horrendous and is worse than any word in any language or dictionary can describe. Not only does the company spoof Shareaza, it turned the trust against the previous owner and now threatens the Shareaza forum just because someone called for a DoS attack. It's not that I am downplaying a DoS attack... but I think the company that spoofs Shareaza should have approached the forum admins to request an alert and the removal of that post rather than going for legal stuff first. The company really made the admins of the Shareaza forums look stupid by first approaching the court... as if the forum admins are not mature enough to handle small situations like a bad comment. Does the company that spoofs Shareaza have any proof, other than the forum post, that a DoS is coming or has already happened?

I think the company that spoofs Shareaza should also face legal consequences for spoofing someone, violating the GNU GPL license, defaming Shareaza through spoofing and attempting weird actions like installing some unknown toolbar, and should be given a warning. If the company continues its outrageous actions, the courts should issue a cease and desist order to it and a hefty fine.

I think the company that spoofs Shareaza is lucky not to be in my country, or the offense would be far heavier if it were brought before the courts in my local region and found guilty of attempted conspiracy against the original Shareaza.

The actual Shareaza site is hosted with an open source community: http://shareaza.sourceforge.net/

Disclaimer: This post is my personal opinion and readers are reading at your own will. No responsibility or legal actions would be pointed at me because you are reading this at your own will.

Sunday, February 24, 2008

a rant on the grim future of tech

Whenever a new technology emerges, somehow mankind manages to corrupt that technology to meet its own selfish ends. I foresee and dare say that the future of humanity and technology would continue to go down this corrupted road... this road of danger and perils. Mankind has created computer viruses and bugs, malware, adware, trojans... deliberately twisting code to create backdoors or corrupt a system... Humans have used technology to kill each other (guns, weapons, genetic alteration of viruses and bacteria or harmful substances, electronics... mechanisms) and also to harm and destroy other species and creatures around us.

Mankind has always corrupted, and would always corrupt, new emerging technologies that may promise new hope... turning these technologies against ourselves and others.

How pathetic humankind is. I watched an anime, Shigofumi, and one time the main character, Fumika, sighs at how pathetic human beings are compared to those who live in the afterlife or other creatures. I would agree hands down on how pathetic humankind is. We created encryption and other software products like firewalls and antivirus to protect ourselves, but at the same time traded our freedom for some jumbled-up cryptic message to protect our message content (encryption), caged ourselves in (firewalls and filters) and have to constantly live with the fear that someone would just break into our systems and take over.

I can foresee new exciting technologies over the horizon , coming out , but I see the other darker half of these new hopeful technologies too...

Friday, February 22, 2008

Net to Desk

I was wondering if there is software that could allow users to access their forums, chat rooms, blogs (blogspot.com, blogger.com, flickr...) and emails right from a single desktop application. It would be nice if you could access all this stuff from just a single desktop application rather than going to each webpage in a new window or tab. It should be able to gather all the data and tell you if there are any new messages, posts, private / personal messages, etc., and then place them all together in a uniform and clean format like a tree structure or table form, so that you can quickly glance through all the new stuff without the hassle of logging in, opening many pages and flipping through every single thing.

The connections on both sides could be configured for SSL encryption too, if possible, since security is always an issue. The ability to invoke virus scanning from your locally installed antivirus would be useful, something like Microsoft Outlook, which allows antivirus plugins to scan downloaded mails.

So all you need is one desktop application to get rid of the hassle of going to multiple pages and reading through the entire pile of them.

I think, if it's possible, maybe it should be made OS-independent, written in a programming language like C, Java, Python, etc.

Well... this is just an idea...

If anyone knows of such a software application that can allow you to access and manage multiple forums, blogs, postings, etc., maybe you would like to place a comment containing a legit website.

Tuesday, February 19, 2008

Secure Sites and Forums

There are many cases of websites and forums being hacked, defaced, attacked, ransacked of data from their databases, having their data corrupted, etc. I am a member of two forums and both forums have been hacked or, in the geek word, 'pwned'. I tried to suggest security reforms to the forums, but they either do not have the money to implement security and are currently gathering funds, or are just downright stubborn and ignore it.

Here's a warning to all website and forum owners, and also some basic educational material for these owners to kick up their defenses and do it ASAP!

The most common way to down a website or forum is to use Distributed Denial of Service (DDoS) or, if it's on a smaller scale and done from a single point of origin, simply Denial of Service (DoS). In general, DoS and DDoS are the same, except that DDoS is a wider distribution of attack that harvests the resources of multiple computers over a vast area like a network, with all these computers primed to attack at a single point in time to increase its deadly effects. A DoS itself may just well be a single computer doing the attack. Simply put, in DDoS you have more computers over a distributed network; DoS is simply the basic form of DDoS, done without a distributed system supporting it.

The most crucial factor that makes DDoS deadly is timing. Timing needs to be right so that all the resources can be unleashed on the target at a single time, making a huge 'tsunami' that overwhelms the target with a flood of service requests. One of the easiest ways of doing DoS is by continually requesting resources like certain webpages or files. If it is well timed, the resources are huge and all of them request one single resource, it would be overwhelming. There are tools to handle DDoS, and a couple of open source projects currently produce DDoS prevention tools. There are also commercial tools for DDoS prevention. A Google search for DDoS protection tools would yield a number of results you may consider. If you don't have the money, head to open source or freeware projects.

Web hosting servers should always have an Intrusion Detection System (IDS) to identify any attempts at intrusion. Although an IDS detects intrusion, many may not have the capability to prevent it, so you would need to act and prevent it yourself. Some are more advanced and include prevention capabilities to automatically prevent intrusion. Snort, an open source IDS project, is a widely used product that is free of charge. I am currently learning the capabilities of Snort myself so I can use it on my own computers too.

One of the most common ways to attack is by opportunity and leaks. One of the most common things many coders leave in their login or code structures is hard-coded values. For example, you may think of hard-coding some values into your webpage design for easy login access, but this is a very bad idea. It is as good as leaving your key in the door knob. All it needs is for someone to analyse your code, and if you leave any important hard-coded values like login values and such, do know that you are endangering yourself and the users.
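The hard-coded login check warned about above, next to one way of keeping the secret out of the code, as an added example that is not from the original post. The credentials are constructed, and the `APP_PWHASH_` variable name, the record format and the iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import secrets

ITERATIONS = 200_000  # assumed work factor; tune upward for your hardware


def login_hardcoded(username, password):
    """Weak pattern: the credentials (constructed values) live in the source,
    so anyone who can read the code or the page learns them."""
    return username == "admin" and password == "letmein123"


def make_record(password, salt=None):
    """Build a 'scheme$iterations$salt$hash' string to keep in configuration."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify(password, record):
    """Recompute the hash with the record's salt and compare in constant time."""
    try:
        scheme, iters, salt_hex, digest_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), salt, int(iters)
        )
    except (ValueError, OverflowError):
        return False  # malformed record: fail closed
    return hmac.compare_digest(candidate, expected)


# Throwaway record so unknown usernames cost about as much as known ones.
_DUMMY = make_record(secrets.token_hex(16))


def login(username, password, env=os.environ):
    """Hardened form: the code holds no secret, only a lookup into config.
    The APP_PWHASH_<USER> key name is hypothetical."""
    record = env.get("APP_PWHASH_" + username.upper())
    if record is None:
        verify(password, _DUMMY)
        return False
    return verify(password, record)


if __name__ == "__main__":
    config = {"APP_PWHASH_ALICE": make_record("correct horse")}  # constructed
    print("hard-coded login accepts:", login_hardcoded("admin", "letmein123"))
    print("hardened, right password:", login("alice", "correct horse", config))
    print("hardened, wrong password:", login("alice", "letmein123", config))
```

Reading the hardened source reveals no password, and reading the configuration reveals only a salted hash that still has to be guessed against.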

Using default settings for your security software, e.g. default router or firewall passwords, shouldn't be allowed. Default passwords are one of the first few things hackers would be glad to try out, since they know how careless people are when using passwords. Do not leak passwords to anyone, not even your friends, unless they are part of the administrative team for the website or forum tasked to handle maintenance.

When you are sending request data or response data between the user and the website's hosting servers, data is being exchanged, including sensitive data like passwords and usernames. There are network packet analysis tools like Ethereal and Wireshark (the latest version and the renamed name of Ethereal). Ethereal/Wireshark has a simple GUI with manuals on how to use it. All you need to do is specify a network device (LAN, wireless...) and it would sit there and capture all data packets passed within the network, and you would be surprised at the amount and detail of data being captured. I was doing a test setup with a colleague when we were supposed to use Ethereal/Wireshark (legally) to test the safety of the data being passed between certain applications. Both of us opened a web-based messenger, logged in and sent messages to each other for a while, and then we went back to look at Ethereal/Wireshark. The data captured included our email addresses, passwords, usernames, the names of the contacts in our contact lists and the chat conversation, all in plain HTML text format. If such tools can capture web chats in nearly plain human-readable format, why not web applications like login and authentication and forum postings?

How do you handle these sensitive data? You can use Secure Sockets Layer (SSL) or Transport Layer Security (TLS) to encrypt your data when sending it between each other, and also to verify each other's identity if needed. There is much data on TLS and SSL available online. The problem with SSL and TLS is that you need a Certificate Authority (CA), and many companies in the CA business require you to pay them some money to use their service, while many forums and sites are either created with a constrained budget or their creators may not have any knowledge of security. I hope some community or companies would be kind enough to open a sort of free CA business for others to use so as to promote security.

There are a couple of free open source CA software packages that you install on your own server, but most of the time these personal CAs are not trusted by the web browser, and the web browser would prompt the user to either accept or reject the suspicious certificates, thus making your website or forum look a little bad. But if you don't mind your users being prompted by the web browser about your CA being untrusted, you may want to convince your users to add your personal CA as a trusted one... but this is too deep into the technical end for most people.

SQL injection is bad for your database since it allows corruption of your data and there's a vast amount of data on SQL injection and even examples available on the internet. Do a simple Wikipedia or Google search and you would get the data.

The devastating effects of a hacked site are not merely the defacing of your site or forum and hackers spoiling your forum's or site's foundations or database. Many hackers harvest data from your database and may implant backdoors if possible, or may corrupt your website. The most dangerous is the harvesting of data from your database, if you have any. The data in the database contains personal information, and this personal information can be used to drive other criminal activities like blackmailing or other hackings.

Most people use the same passwords for their websites, forums, emails, operating system logins, etc. Once passwords leak through the harvesting of data from a compromised website or forum, these passwords can be used to unlock other personal stuff, like the emails of the users in the database. If it happens, do alert your members in an honest fashion that the website or forum has been hacked, and do tell the users to change their passwords (not only for the website's or forum's database but also for the email addresses they used to register).

Remember , do always secure your websites and forums. The most important thing is to be alert and always know how to use security tools properly.

Saturday, February 16, 2008

MS Word 2003 and OpenOffice .. and a rant of co-existing...

I was typing my document in OpenOffice 2.0 (.odt) since I am experimenting with Linux and I wanted to make some quick notes with graphics and stuff, and the best I can get is OpenOffice. I tried to open it in MS Word 2003 on another personal computer I have running Win XP and it failed to open.

Why hasn't Microsoft come out with a plugin to allow opening of OpenOffice files? Isn't it a fairly simple logic? If you want to dominate a market, you weed out your competitors. So you would deprive others of chances... Why can't Microsoft co-exist with others? Including in terms of file format and cross-platform operability, why can't Microsoft co-exist with other players instead of continuing to deny them service?

What happens if a great and very profitable product were to be developed to work on a competitor's product, and it's selling so hot but, of all things, it doesn't work on the Windows platform? Would you like the same thing to happen? Do you think you can always dominate a market?

There are always new risings everywhere: new breakthroughs, new products... All things are impermanent and all things are subject to change... who knows if someone might succeed Windows and Microsoft as the next giant.

Although there are many nasty things about this software giant (Microsoft), at least it's willing to create an MS Office 2007 to OpenOffice plugin, and that's a first step of cooperation.

What I really wish for is a harmonious relationship between the platforms of Microsoft, Linux, Mac, BSD, Solaris, etc. I don't like to see them at loggerheads. It's very frustrating to see wars between them. I think Microsoft should stop trying to make things difficult for Linux users and stop telling Linux off that they have violated this copyright, that patent, this and that. Linux has many things to offer for Microsoft to learn, and Microsoft can teach Linux a thing or two. If everyone were to drop all these wars and get together to brainstorm in harmony, I think technology would grow by leaps and bounds and the foundation for technology would be very stable and resilient to malicious attacks (the technology isn't stable yet these days).

Thursday, February 14, 2008

Internal Window like Frame ads pop up

I think everyone has met many situations where they visit websites like Hotmail, Microsoft or MSNBC, and when the mouse just runs over an ad banner, or when the ad is programmed to pop up automatically, it no longer uses a normal HTML window where another mini browser window or a new tab is opened. I think these new internal-frame-like pop-up ads are getting very irritating. I tried to click the close link on the pop-up, hopefully to get rid of it so it doesn't block my view while reading (yes, the pop-up opens big and blocks your damn view while you are reading an article, and this is what Hotmail, Microsoft and MSNBC have been doing so far, to my observation), and it's irritating. Imagine you are reading and your mouse accidentally moves over the ad banner and causes the pop-up, or the pop-up just springs up automatically... it's damn irritating all the time and often blocks your view of the articles you are reading. I think anti-pop-up makers may want to look into such internal pop-ups as a new feature in their pop-up and ad blocking. The most irritating part is that some close links just wouldn't close the pop-up, or the close font is sometimes too small to click.

Another, more worrying thing is that the JavaScript or code doing all these pop-ups or the close link may or may not contain some malicious code, compromising your system. There are many reports and cases of how malicious JavaScript code is used to compromise systems, and these are very widespread, and since many users are not going to look at the source code or don't know any JavaScript, they are very likely to fall for such traps. Who knows if the close link or the pop-up script includes silently logging your IP address or MAC address, or covertly compromising your system, or making it silently open a port to download some virus, trojan or worm?

I may sound very far-fetched, but why not, since JavaScript has been used by malicious coders to infect innocent and unsuspecting users?

It's history replaying itself with a new twist.

Friday, February 8, 2008

Encrypting Files and Hard Disk

The famous Edison Chen episode is well known in Asia. What can we do to further protect our data from leaking to hackers and malicious or nosey idiots ?

The simple answer is encryption. There is much cryptographic software out there with simple and intuitive user interfaces for all to use. Even a novice or a dummy in computers could use it, because all you need is to specify which file or hard disk you want to encrypt and think of a password to encrypt it with, and others would have a bad and hard time trying to decrypt it. Although there are crackable encryption algorithms, there are also good encryption algorithms that would prove to be a challenge for nasties.

Below are the encryption algorithms I would recommend for encrypting files:

> Blowfish 64 bits for small unimportant files and 448 bits for max protection
> AES 256 bit, Rijndael (international standards)
> PGP 1024 bits or 2048 bits for near military grade and super paranoid ones
> 3DES (Triple DES) around 100++ bits should be good
> Twofish 256 bits

The password or keys or key file made from encrypting should always be kept safe and secret because if a password or key is leaked, it could be used to decrypt your files and make it not secret any more.

For techies, another technique is to give the file a random name without meaning, so it doesn't imply anything sensitive, and to save that name in a well-protected encrypted file that maps the random file name to the actual meaning and name of the file. This encrypted reference file is crucial and must be protected from harm at all costs.

Below are some programs I recommend to use and these programs are not made by me !

> AxCrypt: http://www.axantum.com/AxCrypt/ (Windows only)

For non-Windows users, you could visit the open source software community at www.sourceforge.net and key in keywords like 'encrypt file' or something similar in the search to find software that can run on your platform for file encryption.

For storing passwords, try out the free open source software made by the famous cryptographer Bruce Schneier and his team, PasswordSafe: http://sourceforge.net/projects/passwordsafe/ .

For those who are determined to encrypt their entire hard disk, you can try TrueCrypt: http://sourceforge.net/projects/truecrypt/ .

I do not guarantee anything about this software; it is merely my opinion, so if there's anything wrong, I am not liable for any responsibility.

The best way is obviously not to store sensitive data or even have it; if there's no sensitive data, then no matter how people try to find it on your computer, they would only find common stuff around.

What if Symantec modifies and uses ClamAV engine ?

Like any paranoid computer user, I would always have an antivirus installed on my computer before I install other applications, and I have always been using Symantec's Norton AntiVirus. The one weak point I know of from many years of using it is that it does take up a bit of processing and can be rather bloated, and when I do a full hard disk scan, it takes up so many resources that I have to suspend all my activities, including games, and just leave it alone. I switched over to ClamAV solutions and it feels so light on my processes, and when I do a full hard disk scan, I still have my games, chat, other applications and NetBeans IDE running while ClamAV does its scanning faithfully. I wonder what would happen if Symantec decided to adopt and integrate ClamAV's engine into theirs and to find improvements that make a bloated antivirus software into something lighter. That would be good for all Symantec users, if the software becomes lighter and still retains its power to handle viruses.

I think ClamAV needs to catch up in the area of auto-protect, a function which most antivirus software has had embedded for a long time.

Friday, February 1, 2008

Microsoft + Yahoo?

Refer to : http://news.bbc.co.uk/1/hi/business/7222114.stm

Microsoft has been dominating the tech industry for a very long time and now wants to take in Yahoo. I wonder what's happened to the world? Trying to be the one sole conqueror? This comment applies not just to Microsoft but to other companies, including Google or anyone who's trying to eat up companies just to become more powerful.

Then what would happen to smaller companies, or companies and organizations that have just started up? In this way of trying to monopolize the tech industry, the ones getting hurt are not the bigger companies, since they are all fat and well stocked up to take damage; the ones receiving the hardest blows are the smaller companies.

Schemes to help and fund smaller companies and organizations to grow are not really out of kindness but some sort of a gamble, with an intent to eat them as well anyway if these companies create good products or services.

I think, simply, the market is like a battleground, as Sun Tzu's Art of War said. All these 'kind' schemes are just something to make use of and just another tactic to try and dominate the market. The tech industry / market / community is just like the Warring States in ancient China, where everyone tries to fight and become the Emperor.

It's just so irritating and tiring to always hear news of who's going to eat up whom and all this stupid competition for fame and power.

No wonder humans cannot improve and evolve spiritually, because they are all overly attached to the gross material. If this goes on... no matter how good human technology is, we would devolve further into very sorry and pitiful lowly beings compared to other species around us.