
Almost a Year In… September 10, 2010

Posted by fvter in Blogosphere, General, Technology.

Woah, it’s been almost a year since I have posted an update on the blog. Most of my discussions and ideas have been pushed mostly through Twitter.

The simplest of reasons… Work has been eating my time up and when it wasn’t work I was fighting uncontrollable pains in my legs. Well after 4 or 5 different tablets, finally found one that is controlling the pain and has minimal side effects.

I would tell you to watch this space once more, but to be honest, I am not sure at all when I will be able to post on a regular basis! Thanks for watching & reading, keep following me on Twitter.


A Fun Way to Understand AES! September 23, 2009

Posted by fvter in Security, Technology.

Constantly on the lookout for information on encryption and a better understanding of the mechanisms behind algorithms, I was amused to discover this morning MoserWare’s A Stick Figure Guide to the Advanced Encryption Standard (AES).

The information presented is significantly accurate but presented in a humorous plain cartoon format. Quite enjoyable! What was interesting is that it goes back to the history of how AES came about and presents a basic overview of how block ciphers work…

Application Updates Tops Cyber Security Risk, Real World Fix is More Complex September 17, 2009

Posted by fvter in Security, Technology.

A few days ago, SANS released its new Top Cyber Security Risks report with a new interesting twist to the usual well-explored risks (such as web server vulnerabilities). The new risk that is highlighted quite effectively is the problem of application vulnerabilities, which have increased and become much more visible. A good example of this has been the ongoing reports of vulnerabilities in Adobe products such as Flash and Acrobat.


Part of the issue that is highlighted by the report is the slow turn-around to deploy application patches/updates to reduce the risks and fix certain vulnerabilities. This is in fact no surprise! Having spent a number of years in the corporate IT security environment, the application update process is a bigger dilemma than one might think. There are a number of factors that impede an effective and complete application patching process, be it for a few thousand to 10’s or 100’s of thousands of an installed client base. Some of these issues can be highlighted by the three following concepts:

  • Online availability of clients to receive the updates, making it more difficult to get an effective deployment rate;
  • Patches for versions that are in-use might not exist and upgrading to new versions presents other challenges such as budgets, compatibility with other applications, continued functionality support for the business solutions;
  • Patches (or upgrades) can break or change features that are relied upon by business solutions or processes, effectively breaking the latter and presenting an impediment to the business’ ability to work effectively.

For a corporate IT security team a balance has to be achieved between the need to carry out effective patching or upgrading versus the need to let the business continue to work as effectively and efficiently as possible. This is the hard truth, patching to mitigate vulnerabilities is not necessarily the best solution for a business if it breaks functionality or impedes the business process!

An effective IT security team will understand this and work towards an acceptable compromise that balances the risks versus the business’ ability to carry on efficiently through policies and processes that mitigate the risks or control/patch the vulnerabilities. Notably, the report section on best practices for mitigation and control provides a number of effective risk management techniques that start by understanding the applications that present risks and building an effective defense plan…


Firefox 3.5 Hates Google Searches Rant July 7, 2009

Posted by fvter in Rants, Technology, Web.

After recently updating to Firefox 3.5, I have run into a seriously annoying and killer problem. Firefox 3.5 refuses to correctly load Google searches in a reasonable amount of time or even the Google main page (www.google.com). In a painstaking attempt to figure this out, I have tried everything from running Firefox in safe mode to turning off things like Norton Internet Security.


The problem doesn’t lie in my computer or in my infrastructure. Firefox loads all other pages normally (including Bing.com) and even loads mail.google.com as well as reader. It’s just the search that it doesn’t want to do. BTW, IE, Safari & Chrome load the pages perfectly well!

Enough is Enough… Let me know if you’ve had similar issues?

To Reader or Not? Can we Really Do Without It? June 10, 2009

Posted by fvter in Security, Technology.

Yesterday being the 2nd Tuesday of the month, saw the usual slew of update notices from the regular culprits. However, a new actor came into play this month: Adobe! The first appearance of what has been nicknamed «Adobe Black Tuesday Updates». This actually represents Adobe’s commitment to having a regular patching schedule to address security issues, bugs and whatever else needs to be fixed.

Adobe since late last year has been hit hard with a slew of vulnerabilities in their products but more so in their flagship Reader product. The root cause of the issue was the inclusion of JavaScript and related bugs that provided a vector for exploit. The vulnerabilities have been covered to a great extent on the intrawebs and there isn’t really much more to add. Adobe attempted to take a rational approach to the issue and sent out advisories on how to take palliative actions (by disabling JavaScript support in the product) until proper patching could be done.

The push by some security experts (including some prominent figures such as Mikko H. Hyppönen from F-Secure, Paul Asadoorian from Pauldotcom.com) to abandon or adopt alternate products and formats is just not realistic! The biggest criticism of Adobe has been why use JavaScript in what is essentially an electronic paper format. This attitude neglects the important factor that the technology is there for a reason. In most cases that reason is based on identified business/customer needs and those same customers have built solutions which need the scripting to continue to function effectively.

A number of business and government organizations have adopted the additional scripting capabilities to make the documents more interactive and to facilitate the content entry/usage for their users at a time when Web2.0 was far-away. A lot of interesting solutions have been explored and created using this dynamic document capability such as automated tax reporting forms, real-time report generation, … There is and probably will be a continued need to support this type of scripting technology to give documents more interactivity and to bridge the divide between static data and the ability to have near real-time solutions for reporting and information manipulation.

Could Adobe have handled this better? Probably, but they have embarked on a road to manage the risks more effectively! Could a solution other than JavaScript be used? From a technical point of view most likely, but practically Java is a well-adopted programming language.

The underlying hard truth though is that calling for the dropping of one or another product is just not constructive and in most cases will go against the end-user’s business goals! More constructiveness is needed to achieve solutions that help end-users minimize the risks but at the same time continue to allow them to streamline business process with the solutions at hand.


Seesmic Desktop Revisited May 29, 2009

Posted by fvter in Technology, UI, Web.

A few weeks ago, I posted an article about Seesmic Desktop in which I promised to continue to revisit the product. About a week ago Team Seesmic released a new version…

I have to say that the feature set on Seesmic Desktop continues to impress me and the integration they are doing with both the Twitter and Facebook API is amazing. But, yes there is a but and it continues to be a big But before I can fully adopt it as my staple client. Looking back at my main list of qualms from the previous post, some things have changed for the better and some things just haven’t changed and plague IMHO the experience.

Most of the bugs that were itemized seem to be under control but I am still seeing some problems with CPU and still don’t have my twitter avatar as well as the two window link click. I’ve also noticed some new quirks like right clicking on a link or other hypertext in an entry brings up either a copy/paste menu that is disabled or a weird menu with lots of > symbols. Outside of that, I do believe that the stability of the solution has potentially achieved a milestone.

The UI issues remain a sour point with me. Although the close box issue (at least on Windows) seems to be behaving as you would expect, I just don’t understand the remaining UI issues and how people can actually live with them. The primary points that really need to be addressed remain: real-estate usage; the weird column/tab bar behavior; and strange column resizing layout in the scroll window when the window is resized. That last point is difficult to extrapolate but essentially I get the impression that some weird ratio is being applied based on the size of the window to determine the width and number of detached columns that are displayed in the visible part.

Now don’t get me wrong, I can easily live with new UI paradigms; I do it all the time. The problem is that this UI just does not seem intuitive and gives me the net impression that it’s not convenient for ease of manipulation and interactivity.

Let me know your thoughts and/or comments through this article or via my Seesmic Profile or thru Twitter


RAID!!! Running With the Guildies… or Why WoW Just Keeps Players Going May 23, 2009

Posted by fvter in Gaming, Technology.

So early this morning (around 02:00 23.05) or late evening server time, I hooked up to World of Warcraft (WoW) for a guild organized RAID of Blackwing Lair (BWL). One of my characters, Balaluze Death Knight, is a member of the «Project Lore» guild. The premise behind this guild is that everyone is a fan in some form of the Project Lore Video/Blog/Guides getting together to play WoW and have a good time playing as a team. About 2 hours in, it reminded me why I still invest my time and attention in WoW enjoying every moment.

After a small delay of getting everyone together, Executation led us into Blackrock and up to the BWL entry point… We entered the instance with about 10 people (plus or minus – to be honest we lost a few because they had not been keyed which is a necessary step to open the door and be given access to the dungeon), which was a little more than 10 shy of the required number of players. We figured it might work since we had a few high levels… This was our mistake and despite a tough but victorious battle against the 1st boss Razorgore the Untamed, we proceeded to the 2nd area with Vaelastrasz the Corrupt. Here we hit what might in the end be construed as an epic fail in the Lore history books. We just did not have enough damage per second (DPS) capability with our combined strengths. In fact whenever Vaelastrasz hit 15% health, the dragon would launch its power attack and we would go down one-by-one in a matter of seconds. 3 tries down, we called it a night as there was just no way that the group would be able to down the dragon, let alone continue on.

So outside of a quick & dirty recount of the night, the reason this post came to be is that the RAID reminded me why WoW, & other MMORPGs, just keeps drawing me in. The RAID reminded me of an important aspect of game playing in MMORPGs that defines its ability for continuous challenge and enjoyment. In most games, be they RPG or RTS, there is a level of certainty and consistency in the game; by that I mean that the tasks, quests, combat or other game scenarios share a goal and that goal is always the same each time you play. In a standalone game, one can build a strategy and consistently repeat the strategy to win the trial, leading to a play-once-only scenario. One might even say that this stays true in whatever game you play.

However, MMOs bring an external factor that changes the certainty and consistency in the game. That factor is a higher level of human interaction and game play style that quickly becomes apparent. Each human player brings his/her own way of directing his avatar’s actions into the group and the combined different play methodologies actually change the way the events happen & the outcome. Let me clarify using the BWL RAID that was run this morning in WoW: despite following a well-known strategy and having a leader to coordinate the RAID party, our efforts did not achieve success. Not for a lack of willingness of the team but that’s not the point nor was it the issue; the players each used their style and abilities, giving different outcomes and thus changing the way the battle laid itself out… Essentially each try gave a different play experience, keeping the player on his/her toes trying to achieve the best possible set of actions! Turning every encounter into a new challenge and definitely not the same repetitive thing.

To sum it up, a continuously evolving and changing game play driven by the individuality of all the human players making the game and keeping it attractive as if it were day one…

Let me know your thoughts and/or comments through this article or via my Seesmic Profile or thru Twitter


Why I’m Not Switching to Seesmic Desktop… May 6, 2009

Posted by fvter in Technology, UI, Web.

For a long time now I’ve been on the quest for a better Twitter desktop client. The reason I use a desktop client is to facilitate the reading of the tweets but also to avoid having to have an additional browser window/tab open [rant: browsers give me headache between slow performance and memory usage at least on my systems, blah blah blah]. Plus the advantage of having a separate client is to be able to get OS level notifications of new tweets. My typical poison has been TweetDeck or Twhirl depending on my mood but overall TweetDeck has been the staple diet mostly because its features suit my needs.

A few months ago, Loic Le Meur and Team Seesmic began to embark on building the “next best” thing in desktop integration of Twitter feeds and more recently to include Facebook through the new Stream API under version 0.2-rc2. Now the purpose of this post is not to review the feature set (please see the Seesmic Desktop web page) but to give a critical analysis on why Seesmic Desktop is not for me (just yet)! I ran the new version of the Seesmic Desktop client from the release until the evening of May 5th, about 4 days. To be fair, there are some interesting concepts and innovations present in this new version of the Seesmic Desktop; this is why I continue to try it.

There are two categories of issues that brought me to take this decision: Bugs and UI Issues. The bugs will be covered first with a fine grain of salt as parts of the issues are not necessarily related to the client itself but can be partially attributed to the Adobe Air platform. Bugs are also transitive things and can in most cases be corrected over time, although I must admit that some of these issues have been around since I first started to try out Seesmic Desktop (ed. I have tried the last 3 or 4 versions) and in theory I have reported them (I think – too much on my plate).

Bugs:

  • Refresh Issues :- I’ve had a number of screen refresh issues where-in either new tweets don’t appear (as compared to what’s on my web version) or tweets appear but no notification is issued which kind of defeats the purpose (and it’s not an API call limit issue as a refresh loads the missing tweets). This is even more pronounced when using multiple columns…
  • Missing Avatars Including my Own :- I’ve had over the testing periods moments when the avatars of the different accounts that I follow don’t get updated but more challenging is the fact that my own avatar that sits next to the input box under the twitter account has never been present (it is loading the one associated to my Facebook account);
  • Memory Usage :- there is debate among the developer community on the cause of memory usage in Air applications whether it is the application or the Air framework. So I will defer on this one although I am getting mixed results from different applications, a quick quit and relaunch usually fixes this issue. But in general, I continued to see memory usage increases after initial launch but controlled (other applications I have seem to be afflicted in the same way);
  • CPU Usage :- this one was quite disturbing for me, I got a consistent above 5% cpu usage while running Seesmic Desktop there never seemed to be any idle time. Worse though was that it seemed to be rising to 15% to 25% cpu use when it was loading tweets or Facebook items;
  • Link Click Opens 2 Web browser pages :- when clicking on a link, two browser windows are launched (instead of one). I know that some developers blame the Air framework for this and how it handles the default browser settings in Windows (yes, I checked my browser settings).

UI:

  • Unable to Quickly Identify New Items :- new tweets or Facebook items appear in the Seesmic Desktop application in either the home column or one of the user defined columns, however, there is no distinguishing mark or highlight that shows which are new and which have already been viewed. This makes it difficult to keep track of where you are or have been;
  • Difficult to Differentiate Facebook vs. Twitter Items :- the main home column aggregates all incoming items which is useful, however, there is no in your face mark that distinguishes from which account the item comes. This is a minor issue but it would be nice (for us older folks with vision problems) to be able to apply some kind of background colour coding for the different accounts or just make it easier to see which account it comes from (instead of the small text at the bottom of the item);
  • Where are my Favorites (missing feature?) :- so I use Twitter favorites feature to «bookmark» tweets with interesting information I would like to revisit at a later time. For the life of me, I was unable to identify (outside of the Like menu item) how to visualize or manage these short of going back to the web page;
  • Column Always Selected in Menu :- Seesmic Desktop gives you the possibility to detach menu items so that you can have multiple columns open at the same time, giving you the ability to have multiple streams viewable at once. However, for the life of me, I don’t understand why when you detach columns you must still have an item open in the menu. This is difficult to explain without a visual but essentially, once you detach the columns you want to see you are still forced to have one of the left side menu items open effectively covering up parts of the column scroll window. You would think that the purpose of detaching is to be able to manage the columns and menu items independently;
  • Clicking on the Window Bar [X] Doesn’t Quit :- I hate when applications do this, I don’t understand why some developers think that they can redefine the meaning of menu items or window bar items. The [X] is generally considered to be the close box but when you only have one window open it should also quit the application at least that is the common accepted protocol. Seesmic Desktop doesn’t quit but just closes the window and there is no quit button. To quit you need to right-click the taskbar icon (but what if you hide these) and select quit, definitely unintuitive and inconvenient;
  • Real-Estate Hog! :- Seesmic Desktop is a screen real-estate hog and the UI structure is incredibly fixed in size (apart from window resizing) and has a lot of wasted space (large borders, fixed proportion columns & menus). I know that Team Seesmic has gotten a lot of flak on this issue and I am just adding my 0.02¢ worth. Comparatively with TweetDeck for example, I’ve calculated that for viewing the same amount of columns and tweets, Seesmic Desktop can take as much as an additional 20% to 30% space. This is a big issue for a user who spends a good portion of his time on a laptop or wants the window to sit on the side and take up minimal space but still provide enough information.
    IMHO this type of issue (as well as the performance bugs – CPU, …) can easily be avoided by giving developers and UI designers the lowest-common denominator machines. That is to say give them a machine with a small screen (13″ or 10″), low memory and a minimal CPU (maybe netbook). From what I’ve seen, this is probably not the case for Team Seesmic, having watched their demo videos – they all appear to have large 22″ or bigger screens.

As a general comment, the UI issues are where Seesmic Desktop really loses in my book. I can eventually live with bugs and wait for fixes or try work-arounds but the UI leaves (at least in my book) much to be desired and makes it difficult to adopt the product for everyday use. I would have liked to graphically demonstrate some of these issues but for some unknown reason when you try to take a screen shot, the Seesmic Desktop window disappears…

My search continues, future release of Seesmic Desktop may get my attention, who knows!

Let me know your thoughts and/or comments through this article or via my Seesmic Profile or thru Twitter


To Core i7 or Not? Just Go for a Core2 Quad Q9550 April 29, 2009

Posted by fvter in Hardware, Technology.

Today, I started to notice some weird fan noises coming from my Home PC that we use for general all around work and also for playing PC based games. So it made me realize that my want to move to better hardware may just have to be done sooner rather than later. Now as much as I would prefer to move to something like a MacBook Pro, I don’t have the budget to undertake that kind of move.

Thus I started to investigate the possibilities of upgrading the Hardware to move to either a Core2 Quad platform or even a Core i7 platform. To be honest, the upgrade whichever way I go would require a motherboard and RAM upgrade on top of the CPU. Also I am more interested in going the Quad way to be able to better multitask :- I want to be able to watch or even edit multimedia all the while playing World of Warcraft.

Visiting my favorite parts supplier in France, I noticed that the price of the Core2 Quad vs. Core i7 was not that much different (around €50 to 75) but the killer price impact is the motherboard and the need to use DDR3 RAM. The comparison that was done involved trying to get the same basic hardware infrastructure with only the CPU changing. That means that whichever direction was taken, the number of ports, memory (going for 8Gb), I/O support, audio, etc would be an almost 1:1 comparison. References to the different parts are attached in the links section of this article.

Truth be told, I would much rather go with the Core i7 option as it would have a longer life span. Unfortunately it’s still an expensive option to go for and for the same price or less even, I could essentially walk away with not only the CPU/motherboard upgrade but also a brand new ATI 4890 graphics card. There is a whopping €225 to €275 difference which is not negligible and can’t be ignored.

You got to hate having to make these kinds of decisions! Seriously, I wish that I had cash to spare…

Let me know your thoughts and/or comments through this article or via my Seesmic Profile


«Sign-In with Twitter»: Should we be Scared? April 22, 2009

Posted by fvter in Rants, Security, Technology, Web.

Last week, Twitter opened up its «sign-in with Twitter» open authentication or OAuth service under the radar. To be fair to Twitter, the news last week was more focused on the one million follower story and the arrival of big media names onto the service. Now, I’ve always been an advocate of using OAuth type services (I personally use OpenID as much as possible) to both simplify a user’s life and to avoid the problem of password re-use.

It also goes to Twitter’s credit to move in this direction and to provide this type of service to ease the integration of external applications as well as make it easier for users to provide their Twitter information.

Disclaimer: I have not had the time and that’s not likely to change in the near future to fully investigate and examine the security of the Twitter OAuth service. The following rant is purely about Twitter’s current public track record…


Twitter’s public track record of securing and making a reliable service is less than top par. My top 3 frontal issues that have been discussed, re-discussed and overall made serious news for Twitter can be summed up with this list:

  • The service has a huge history of availability issues, well rather non-availability in times of high traffic although this hasn’t occurred in a while it’s bound to happen again seeing the growth patterns of late;
  • The security community has a number of times criticized the continued use of basic-authentication (inc. accepting base64 password encoding) to use the service. The problem being that this is an easy way to grab the user’s password which would break or poke serious holes in the OAuth service;
  • There have been a repeat number of XSS attacks and worms including the most recent Mikeyy worm which lasted over two weeks in its different iterations.

These three points push me to think on whether or not I would be able to really trust such a service. Will I be able to use it at all times? Am I sure the authentication might not lead to a password leak? Am I sure that the OAuth won’t be replayable? Can I be sure that the OAuth session isn’t being misdirected or stolen somehow in XSS or via a worm? Makes me wonder if the service will actually provide a decent and safe mechanism for authentication and whether or not my credentials are going to be safe :- scary……
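As an added illustration of the basic-authentication and replay questions above (not part of the original post and not Twitter's implementation), this Python example contrasts an HTTP Basic header, whose password comes back with one decode, with an OAuth 1.0-style HMAC-SHA1 signed request that a server checks for timestamp freshness and nonce reuse. The `Verifier` class, the 300-second window, the URL and every key and token are constructed assumptions.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote


def basic_auth_header(user, password):
    # HTTP Basic: base64 of "user:password". An encoding, not encryption.
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def recover_basic_credentials(header):
    # Anything that sees the header (cleartext HTTP, a proxy log) gets the
    # long-lived password back with a single decode.
    raw = base64.b64decode(header.split(" ", 1)[1]).decode()
    user, _, password = raw.partition(":")
    return user, password


def _enc(value):
    # Percent-encoding with the RFC 3986 unreserved set, as OAuth 1.0 specifies.
    return quote(str(value), safe="-._~")


def oauth1_signature(method, url, params, consumer_secret, token_secret):
    # HMAC-SHA1 over METHOD&url&sorted-params; the secrets are only the key
    # and never travel with the request.
    pairs = sorted((_enc(k), _enc(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join([method.upper(), _enc(url), _enc(normalized)])
    key = f"{_enc(consumer_secret)}&{_enc(token_secret)}".encode()
    digest = hmac.new(key, base.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def sign_request(method, url, params, consumer_secret, token_secret):
    signed = dict(params)
    signed["oauth_signature"] = oauth1_signature(
        method, url, params, consumer_secret, token_secret)
    return signed


class Verifier:
    """Server side (hypothetical): signature, then freshness, then nonce reuse."""

    def __init__(self, consumer_secret, token_secret, max_skew=300):
        self.consumer_secret = consumer_secret
        self.token_secret = token_secret
        self.max_skew = max_skew
        self.seen = set()  # (token, nonce, timestamp) tuples already accepted

    def verify(self, method, url, params, now):
        params = dict(params)
        sent = params.pop("oauth_signature", "")
        good = oauth1_signature(method, url, params,
                                self.consumer_secret, self.token_secret)
        if not hmac.compare_digest(sent.encode(), good.encode()):
            return "bad-signature"
        if abs(now - int(params["oauth_timestamp"])) > self.max_skew:
            return "stale-timestamp"
        key = (params["oauth_token"], params["oauth_nonce"],
               params["oauth_timestamp"])
        if key in self.seen:
            return "replayed"
        self.seen.add(key)
        return "ok"


# Constructed sample values; none of these are real keys, tokens or endpoints.
URL = "https://api.example.test/statuses/update"
SAMPLE = {"oauth_consumer_key": "demo-consumer", "oauth_token": "demo-token",
          "oauth_nonce": "n-0001", "oauth_timestamp": "1240400000",
          "oauth_signature_method": "HMAC-SHA1", "oauth_version": "1.0",
          "status": "hello world"}

if __name__ == "__main__":
    print(recover_basic_credentials(basic_auth_header("alice", "constructed-pw")))
    v = Verifier("demo-consumer-secret", "demo-token-secret")
    req = sign_request("POST", URL, SAMPLE,
                       "demo-consumer-secret", "demo-token-secret")
    print(v.verify("POST", URL, req, now=1240400010))  # first delivery
    print(v.verify("POST", URL, req, now=1240400020))  # same request again
```

The replay protection holds only while the server keeps the nonce record for at least the timestamp window, and it does nothing for a session that also still accepts Basic credentials.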
