Wednesday, August 10, 2011

A Cohesive Linux Desktop Required


Agreed with that article. Many tried and failed to bring Desktop Linux into popularity because of the lack of a unified framework or consensus on the Desktop Linux. Linux Foundation could anchor such a unified project and set a single standard and get all the other Desktop makers like Gnome, KDE, XFCE ... to follow it through. OEMs and companies need to cooperate and not be blinded by personal profits and sabotage the community or others. The spat between Ubuntu and Gnome on their flagship Desktop (Unity and Gnome 3) was an example of inter-sabotage where it simply weakens the Desktop Linux as a whole instead of unify it.

Recently, Linus Torvalds have shunned KDE and Gnome whom are the two major Desktop makers for Linux for a good reason. Their applications and desktop are simply irritating to operate. I have been using Ubuntu 9.10 based desktop theme and refused to upgrade to the Gnome 3 or Unity Shell for the reason that both of these desktop themes are not going to be friendly and I would have to relearn them for a while. Despite me upgrading the Operating System to Ubuntu 10.10, I simply refuse to upgrade or change the desktop itself and am very hesitant as I am concerned about the breaking of applications using the new themes.

Linus Torvalds could spearhead the Desktop Linux and under his banner and Linux Foundation's I am pretty sure many people and companies would gather together and create a unified framework for Desktop Linux and make Desktop Linux a lesser pain in the near future and promote Desktop Linux.

Linus Torvalds and Linux Foundation have the influence and reach to create this change and unify the Desktop Linux together. They should start making it happen.

Tuesday, August 9, 2011

Sunday, August 7, 2011

Doomed for Insecurity

I was attempting to explain the importance of computer security and the use of password managers instead of writing down passwords. I made a password manager called PasswordStore with the aim of simplifying usually complex password managers to become easy to use. 

PasswordStore is actually really simple and mostly self sufficient and the setup procedures are near to none except stating your username and password you prefer on the first use.

No matter how I try to convince others the use of NOT WRITING DOWN PASSWORDS ON PAPER AND LEAVE IT IN PLAIN SIGHT, there are always people who would always want to write down their passwords and NOT PROPERLY PROTECT THEIR PASSWORD PAPER.

Besides the password cases, there are always people who are ignorant to security despite warnings. A few of the examples are listed below:

  • Leaving computers not locked (lock screen) when going to somewhere else.
  • Sharing / lending passwords for sensitive accounts (e.g. emails, web portals ...etc).
  • Installing suspicious looking programs despite warnings.
  • Willing to leak personal information on social sites.
  • Belittle the consequences of their accounts being compromised.
Above are the few scenarios I met of people who are hard-headed in their ways towards computer security. I believe most people bare the same attitude to a good extend. If such attitudes are applied into a larger context (organisations and companies), it would invite attention from hackers. The "ordinary" people who would love to persist in such attitudes of continuing their ignorance to security would also invite troubles from hackers and law enforcement agencies (when the hacker implanted a backdoor into their computers and have "zombied" their computers to attack or help attack someone else).

Such whom are ignorant and continue to be ignorant to security truely deserves the doom and trouble they have asked for by their ignorant attitudes.

Saturday, August 6, 2011

Killing Freedom: No Tether


I believe this is not the first article I wrote against the restriction of tethering implemented by carriers, some possible phone makers and Google. The idea of most people is, I paid for the 3G / 4G connectivity and why couldn't I use the money I spent for my 3G / 4G connectivity to browse the Web better by linking it to a machine like a laptop that have more functionalities and a bigger screen than a pathetic small screen of my Android phone ?

Why should a users NOT be able to use the 3G / 4G plan he signed up for at his own disposal as long as he paid his bills dutifully and on time ? After all, he signed up for the data plan with his own hard-earned money.

One conclusion I can think of for the carriers is that they want more money thus they would love to force people to sign up for more data plans and restrict tethering to provide connectivity. The manufacturers and Google wanted to have a good relationship with the providers and keep their friendship, thus allow themselves to be subjugated to the whims and wills of carriers.

How open is Android ? Open to a good amount but many parts of Android are NOT OPEN

Note: My definition of "open" meant that users have absolute control of what they want to do out of the box. To be considered "open", the user must be able to root and tether without much problems and restrictions. The use of hacking as a way to bypass restrictions to tether or root with the fear of consequences is NOT OPEN.

Rethinking Bad Perceptions of Java Speed for Financial Trading


Interesting article. This should kick start people's views and curiosity to rethink the "C/C++ is better and faster than Java for finance critical engines" prejudice. Such prejudice have existed but the truth is Java had always been showing consistent results of matching the speed of C/C++ or even better than C/C++ itself.

The idea that a cross platform language that uses classes and byte codes as being slower than the "bare metal C/C++" for speed because they are closer to the native interfaces and systems can sometimes be flawed.

Please THINK THRICE AGAIN before commenting about the C/C++ vs. Java speed competition.

Friday, August 5, 2011

All About Perception


To make it easier so, I have linked the XKCD image here via it's URL.

It's true that different people perceive different things. It's really all about how people perceive and draw their views from a single message.

Java Governance in Shambles


It is sad to see Oracle misusing, abusing and not even giving Java a second thought and shipped a Java 7 out of their doors knowing of a major bug in it.

The governance of Java in the hands of Oracles only causes JAVA TO FALL INTO SHAMBLES !!!

As a developer using mainly Java, I am sad to see how Java is treated. Oracle refused to give-in and heed the community and soon Java simply becomes more badly governed and more troubles would arise from it.

A good backup for any developer / programmer is to have a backup language in an event your main language simply sucks (Java for my case.... and I am now learning abit of other languages to pick a backup language to move over abit).

Thursday, August 4, 2011

Civilian Spy Drones


This is cool but what would the implications be ?

Proprietary Madness


The state's attempt to help the people got intercepted in the name of market and proprietary, individualistic, selfish interests.

When you are famous


You get that when you are too famous. Who wouldn't pass a chance to stoop so low ?

Real Names Online


There are people who do not mine their names and privacy be exposed to everyone else in the public but there are people who value privacy more than those who don't. Give those who value privacy, a thought for them. Protect their identities.

One thing I never liked nor understood about social media technologies like Google+, Twitter, Facebook, LinkedIn...etc... they simply DO NOT RESPECT YOUR PRIVACY AND COMPROMISE THEM INSTEAD. They do not protect their databases sufficiently as we have seen many leaked user credentials from compromised social media website databases. You may not mind your accounts becoming compromised but you would inevitably allow your compromised accounts become stepping stones that leads to compromising other accounts and systems (think of password reuse as an example).

Quoting Randi Zuckerburg saying:
I think anonymity on the Internet has to go away. People behave a lot better when they have their real names down. … I think people hide behind anonymity and they feel like they can say whatever they want behind closed doors.
I don't think that's a good way though. Why not remove login functions, remove security protocols and just let people in ? That's the same idea. We need some privacy. We need some locks to secure ourselves and our assets. We want to protect ourselves. Names can and have been forged. People have used other's name to create accounts for malicious users to frame and shame their victims. It's inevitable that the use of "real names" is flawed from the start unless some international mechanism is assigned and ensured each individual is who they are (and assuming the design have not a single technical flaw - which is impossible). 

If privacy and security are not respected and properly implemented and something happens, it's really hard to tell what exactly happened.

Therefore concluding....


Wednesday, August 3, 2011

DBS iBanking Weak Crypto

I noticed that DBS Bank uses the 3DES_EDE_CBC encryption algorithm for their Internet Banking web portal. 3DES / Triple DES / TDEA effectively only use a 112 bit key and this is a very weak key. 

3DES is simply three DES put together to lengthen it's key (Wikipedia). The EDE mode stands for Encrypt-Decrypt-Encrypt mode to be backwards compatible with systems only supporting normal DES. In the EDE mode, encryption would be done to the data, then the encrypted data would be decrypted again and finally encrypted one last time. This meant that the first encrypt and decrypt would simply be nothing as they already encrypted and decrypted each other. Only the final single encrypt had it's effect. Now, thinking back on EDE, isn't it as good as a DES (not 3DES) encryption since it is made compatible to normal DES but with probably a longer key only ?

Recently John the Ripper found a way to reduce the time taken to handle a DES encryption / decryption by 17% in their news email ( which meant that the time taken to crack DES would also be 17% shorter.

DES have been designated as a very weak encryption algorithm not good for protecting any sensitive information as it could be easily cracked with the computing powers of modern computers and improvement in the algorithm by the John the Ripper team.

All in all, 3DES is a weak encryption algorithm which can be fairly easy to crack and the 112 bits key length is rather short.

For a renown bank to use 112 bits 3DES_EDE_CBC is a very bad option simply for the weak algorithm, short key length and EDE mode. At least a 128 bit key length should be appropriate for basic security and for banking and financial institutions that require high security, a 256 bit key length is the least they could offer. An AES 256 bit algorithm for SSL is commonly in used these days and they are common. Camilla 256, IDEA, RC 4 and many other better algorithm than simply a weak 112 bits 3DES_EDE_CBC

Below is the screen shot image to proof my point.

At least use a stronger and more decent algorithm, DBS bank.