Monday, February 28, 2011

Should I Trust A Third Party App Store

Read:
Can you really trust an unsanctioned third party app store? Not at all, because you never know what code they have in their apps. Sadly, people are willing to risk it.
Google should quickly push out a stable app store API so that developers could create applications that could be connected into the official Android Marketplace and be able to download trustworthy apps.

Sunday, February 27, 2011

Thunderbolt technology

Read:
Do we really need yet another port on the side of our computers and laptops or portable devices to transfer at the speed of 10 Gbps in either direction?
We already have USB 3.0 in the waiting list and now we have yet another port.

It's all about speed, speed, speed ....

It's a cool technology but it's not something of a need since we have USB 2.0 and Firewire and the upcoming USB 3.0.

People are looking for sleek devices, but another port on the sides of our devices makes them bulkier in the attempt to accommodate multiple ports.

Thunderbolt is cool but it's not a must. Focus on USB 3.0 first, Intel.

Tuesday, February 22, 2011

Securely wiping SSD

Read:
If this is true, secure wiping of SSDs would be very difficult if done using software. 

As always, the best practise is to simply encrypt the files right from the start of their creation rather than a half-assed effort of encrypting the files a while later, when some backup copies or temp copies have started to spread all over your system. Even better, set up an encrypted filesystem right from the start so that your files are transparently encrypted without you needing to select every single file to be encrypted.

Anyway, software-based secure wiping has never been proven to be specifically secure, because the software MUST depend on the OS level to do the 'FSYNC' methods or write methods onto the hardware, and each piece of hardware has its own unique quirks too.

To truly be secure in the destruction of the data on your hard disk, you need to destroy it physically by structurally rendering it impossible to be repaired and recovered anymore.

For the usual circular hard disks, magnets (strong rare earth magnets or very strong electro-magnets) may possibly wipe and skewer the data bits, but the best way is to take a sharp object and randomly and tightly scratch each side of the circular plates. Another way is to toss it into fire, thermite it, shoot it multiple times with a 12 gauge shotgun... whatever ways that would physically render the hardware irrecoverable.

For flash based storage (USB devices, SSD, flash memory), you do have to short circuit the chips with high voltages. Then finally, you may want to be more thorough by using fire or thermite. Maybe using a chisel and / or a hammer that is heavy enough to turn it into brittle fragments would be useful too.

All in all, software based wiping seems to be less useful these days and the better thing is to physically turn the hardware into some irrecoverable hardware.

Have fun using thermite on your data storage hardware. :D

Sunday, February 20, 2011

Police chief teaches how to keylog

Read:
Totally absurd. So that the parents could use their new-found script kiddie skills to boast, steal commercial information from the office and commit crime?

Saturday, February 19, 2011

AES-NI

Read:
Hardware based acceleration, aid and execution of AES encryption is something that is juicy and nice, but overall I wouldn't trust my hardware to do the job of my AES encryption. The reason is simple: you never know whether you can trust the hardware makers NOT TO ADD BACK DOORS to their hardware, and some makers simply don't understand how to implement AES correctly and thus make a mess and make security even weaker or broken. There have been storage devices that claimed to have hardware based AES encryption, but it is more than unlikely that I would ever trust AES implemented in hardware, because there are manufacturers whose 'AES hardware encryption' was simply NOT AES at all but 'XOR-ing on the data bytes' or some pseudo encryption.

I would rather trust a properly implemented and trusted software based AES encryption where I can see the source code and make a decision on whether the implementation is trustworthy and secure for usage or not.

Saturday, February 12, 2011

Using H2 as a teaching tool

This post would be about the usage of H2 database for the purpose of using it as an educational tool for Database Systems lessons and classes.

Recently, I have seen institutions that offer Database courses use Oracle as their DBMS for educating students in Computer Science and Information Technology courses. In fact, many schools and institutions use Oracle. The sad thing is that few of these institutions are creative or innovative enough to find a good tool other than Oracle to teach SQL and Database subjects.

The most recent school / institution I encountered (which I shall not name) uses Oracle as well. The students would either use SSH or Oracle SQLDeveloper to access the school's educational Oracle Database.

Because students' CREATE, INSERT, UPDATE and DELETE statements may affect the Database as a whole, all of the students only had 'SELECT' privileges enabled. When the students had to try their hands at CREATE, INSERT, UPDATE and DELETE statements, there would be the usual error for the lack of privilege. How is a student going to test out his or her CREATE, INSERT, UPDATE and DELETE statements on the Oracle database if they can't do anything except SELECT?

Mind you, not even view creation is allowed. That is how restricted the privileges are.

Some schools would advocate that the students install the free Oracle (version 9, 10, 11)g database, and it would be gigabytes of space wasted and hours of installation. It would be tedious, and we all know setting up an Oracle database is a pain in the ass. The good thing is that since the database is set up on the student's side, they have the freedom to test out their CREATE, INSERT, UPDATE and DELETE statements. They would be given SQL scripts to copy into their databases to set up the database again if anything goes wrong.

This is where H2 database steps in to save the day for students and teachers.

H2 database is only slightly more than 1 MB. How big can that be? All you need to do is unzip the compressed H2 file to the Desktop or wherever you want to keep it, go to the '/bin' folder and double-click the 'H2-(version).jar' file, and it will simply load up the H2 web based console with NO HASSLE at all.

Now this, as I have described above, is so easy. How difficult can using H2 be?

Many schools and institutions may not want to give students SQL scripts because they include SQL statements which the students may reference for their assignments and even copy wholesale. This is not a problem with H2.

According to H2 database's online help: "http://h2database.com/html/tutorial.html?highlight=CSVREAD&search=CSVREAD#firstFound", under the subheading "Importing Data from a CSV File", you can create tables and import data using a CSV file (but lacking the constraints and data types) or you can simply import the data.

The strategy I would propose is for the teacher to hand out an SQL script file that handles the creation of tables and setting of constraints, and also a CSV file that contains the sample data for the tables. The SQL file and CSV file would be placed next to each other. The student simply needs to open the SQL file and edit the location of the CSV file within the SQL statement that reads the CSV file to populate the database tables. When all is done, the student uses the H2 command 'RUNSCRIPT FROM (filepath of SQL file);' and H2 will run the SQL script file and automatically create the tables and populate the data.

Below is a set of SQL commands on H2 database to prove my point. Use the H2 Console (or double click the H2-.jar file).

-- Comment: Create the test table and insert values --
CREATE TABLE TEST(ID INT PRIMARY KEY, NAME VARCHAR(255));
INSERT INTO TEST VALUES (1, 'JOHN');
INSERT INTO TEST VALUES (2, 'MENA');

-- Comment: Script out the test table to a CSV file --
CALL CSVWRITE('/home/linux_user/Desktop/test.csv', 'SELECT * FROM TEST');

-- Comment: Go to the location and check if the CSV file is successfully made --

-- Comment: Delete table for the demo --
DROP TABLE TEST;

-- Comment: Creating tables using your own SQL statement and then reading the data from CSV file to populate table--
CREATE TABLE TEST(ID INT PRIMARY KEY, NAME VARCHAR(255))
    AS SELECT * FROM CSVREAD('/home/linux_user/Desktop/test.csv');

As you can see, the H2 database provides nifty functions as above to set up the database and tables without exposing INSERT, UPDATE, DELETE statements that students may copy directly into their assignment sheets for submission.
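
The handout strategy proposed above, sketched as an added example that is not part of the original post: the file names (setup.sql, dept.csv, emp.csv), the DEPT/EMP tables and the sample rows are assumptions made up for illustration. It goes one step beyond the single-table demo by loading two related tables in foreign-key order and showing that the constraints from the script still apply to CSV-loaded data.

```sql
-- ===== setup.sql (hypothetical handout script, placed next to the CSV files) =====
-- Constructed sample data, one CSV per table, header row = column names:
--   dept.csv                emp.csv
--   DEPT_ID,DEPT_NAME       EMP_ID,EMP_NAME,SALARY,DEPT_ID
--   10,SALES                1,JOHN,3000.00,10
--   20,IT                   2,MENA,3500.00,20

-- Make the script re-runnable; drop the child table before the parent.
DROP TABLE IF EXISTS EMP;
DROP TABLE IF EXISTS DEPT;

-- The script, not the CSV, carries the data types and constraints.
CREATE TABLE DEPT(
    DEPT_ID   INT PRIMARY KEY,
    DEPT_NAME VARCHAR(50) NOT NULL UNIQUE
);

CREATE TABLE EMP(
    EMP_ID   INT PRIMARY KEY,
    EMP_NAME VARCHAR(255) NOT NULL,
    SALARY   DECIMAL(10,2) CHECK (SALARY >= 0),
    DEPT_ID  INT NOT NULL,
    FOREIGN KEY (DEPT_ID) REFERENCES DEPT(DEPT_ID)
);

-- The student edits only these two paths. Parent table is loaded first
-- so that the foreign key on EMP.DEPT_ID is satisfied during the load.
INSERT INTO DEPT SELECT * FROM CSVREAD('/home/linux_user/Desktop/dept.csv');
INSERT INTO EMP  SELECT * FROM CSVREAD('/home/linux_user/Desktop/emp.csv');

-- ===== In the H2 Console, after saving the script =====
-- RUNSCRIPT FROM '/home/linux_user/Desktop/setup.sql';

-- Sanity checks the student can run afterwards:
SELECT D.DEPT_NAME, COUNT(*) AS HEADCOUNT
  FROM EMP E JOIN DEPT D ON D.DEPT_ID = E.DEPT_ID
 GROUP BY D.DEPT_NAME;

-- Rejected with a referential integrity error: department 99 does not exist.
INSERT INTO EMP VALUES (3, 'ALEX', 100.00, 99);
```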

Most databases have very horrendous interactive consoles or methods of interaction that really put people off, but H2 database provides a very user friendly web based GUI for interaction with the databases. If using a GUI is too 'noobie', H2 also provides terminal consoles.

Lastly, H2 database is FREE, as in you can modify the source code, the source code is freely available and you don't have to pay a single cent to get the source code or the executable files.

The forum for H2 database (http://groups.google.com/group/h2-database?pli=1) is a very friendly place and questions are quickly answered and handled. Thomas Mueller, the original and lead developer of H2 database, is always hard at work trying to improve H2 database and its user experience.

Do consider using H2 database as an alternative teaching tool for Database related courses and subjects in educational institutions and schools. I am sure it would not only improve the user experience for the students but for the teachers too.

Pot calling the kettle black 2

Read:
Part 2 of the 'Pot calling the kettle black' series of Government hypocrisy. The US Govt wants to restrict the sales of network surveillance and control tools, but isn't the US Govt doing the same thing to its own people?

Another nice example of US Government's 'Pot calling the kettle black' scenario.

Burn with the Devil

Read:
The new CEO of Nokia is a former employee of Microsoft. You wouldn't be surprised how Nokia quickly got special deals with Microsoft. Nokia's new CEO decides to dance with the Devil (Microsoft) and betray the identity that makes Nokia Nokia (Symbian and MeeGo). It wouldn't be surprising if MeeGo slowed down even further and more reliance on Microsoft appeared, maybe finally even killing or fatally stunning MeeGo, thus removing another potential competitor from the Mobile OS market.

I was considering Nokia because of MeeGo and Symbian but I guess this would be a huge letdown. Guess it's time to head towards Android OS or something better.

Where is Nokia's pride and identity it had in the past ?

The employees who walked out from Nokia after hearing such betrayal by their management did the right thing. The pride of Nokia from now on is like a dog licking the boots of Microsoft.

Friday, February 11, 2011

MPEG-LA and dirty games

Read:
As always, MPEG-LA would love to resort to the most lowly of means just to get what they want... hegemony over the world of video codecs, not allowing anyone to create their own video codecs.

Saturday, February 5, 2011

American Propaganda

Read:
When Wikileaks sprang up with their leaks on the US, they (US Govt) tried to block and censor and hunt down anything related to Wikileaks like some witch hunt in the days of olde. Now the US wants to push their own perspectives onto the Chinese and other nations. How is the US different from China or Iran when it is willing to hunt down and shut up the truth and Freedom of the people? It's another fascist regime (US Govt) that pretends to be 'Justice incarnate'.
US, watch your own Freedom and handle it, before spilling shit all over other nations.