Wednesday, May 21, 2008

Emailing on Blackberry phones are insecure


Blackberry phones allows users to email but the flip side is, your content isn't going to be very secure. From the above article, the Indian Government have managed to force RIM who develops the Blackberry phones, to spit out the encryption keys for emails. RIM claims that they would only give non-corporate keys... who knows they might have given more and the Indian Government may have asked for more.. but we don't know... and there's always this possibility.

Non-commercial dialogues may hold personal private details or some non-corporate secrets... so this is no less than breaching of privacy by the Indian Government and very evidently, RIM , in order to secure their business in India, succumb to such actions of breaching privacy and trust.

I doubt I would even trust Blackberry and from the very start, the architecture of how Blackberry treats and handles emails are already insecure..because user's emails have to pass through Blackberry servers and who knows what these servers might be doing...

In short, Blackberry is created but with much suspicion around it.

Tuesday, May 20, 2008

Softwares that people would want to use...


What people hate:
  • Bloated
  • Too much hassle to install/use
  • Unstable
  • Malware/Spyware/Virus
  • Security loopholes that are known but ignored
  • Too much message and notification (too noisy)
  • Does things behind the user's back (secretly install stuff or obtain consent in a way users are not fully aware)
  • Softwares that don't do what they are suppose to do and add some extras or lack of what they are supposed to do
  • ...etc ...
A comment about Sun's installation/update for Java... please do what you are suppose to do and don't do extra things like trying to get users to install Yahoo toolbar and Google toolbar and advertise this and that... you are suppose to create an update/installer ... not an advertising platform. Many users installing Java are normal users and are not attentive enough to read so they mostly click Yes / Accept/ Ok ... only the more geek - like (like me) would bother to read and spot that the Yahoo/Google toolbar are set default to be installed (trying to trick unknown users to install) and we have to unclick the checkbox to not allow it to be installed.

Installing is about consenting you to add stuff in the user's system and is based on mutual trust. If Sun were to continue it's underhanded ways , I think the user trust would wane and maybe the coming IcedTea JDK without such nonsense would be people's choice, not Sun Java ... or even more serious, people might forgo Java and refuse to accept it. It's sad for me, a Java programmer, to see Sun Java to be rated as one of the most annoying software installation/update because of the misconduct and misuse of trust of Sun Java.

Below is a list what I think users want their softwrae to be:
  • Do what it is suppose to do best and nothing else... unless stated
  • Free from spyware/malware/virus...all those shit that plague PCs
  • Small and light weight... this is the age of portabilty... not some big bloatware
  • Use as little resource and necessary resource as possible
  • Robust and resiliant to most faults and errors
  • As little jamming or crashing
  • Developed with security in mind
  • Scalable /Plugin / Extendable
  • Files and Folders are organized cleanly and not thrown all over the file system
  • Automated with consent and knowledge of the user without too much technical details or spamming the user with too much notification
  • Simple , Simple , Simple !!! Complex stuff is the thing of the past.. even for geeks, they would rather take simplicity then complexity !!!
  • ...etc...
The list of what users expect of the software they use is ongoing and long and each user have their own perspective.

Sunday, May 18, 2008

OLPC... changed course of direction


OLPC, how angelic and inspiring it's starting was, has ended up misled...

Simply, the previous and current versions of OLPC allows you to look at the running codes of the applications and processes that are running in the XO laptops, but imagine what happen if you add in Windows ? You wouldn't get the functionality of looking at thw workings and learning from the workings and discovery.

XO laptops are about tinkering and finding out how to solve a problem... but with Windows, your options are limited since Windows have always been a restrictive and limiting OS to work with. I doubt how educational it is. When Negroponte tried to sell Linux empowered laptops and was put down by the education ministers, he might have thought that ading Windows would add a bit of 'lustre' to his products since Linux have always been thought of as some free low grade ugly beast and Windows... at least it could make it through since you don't use much command prompts then Linux (no insults meant to Linux users in any way).

It seems Negroponte is trying to stay alive in his ... badly planned business enterprise (not education).

The dreams of education is over... for OLPC enthusiast ... many of the top OLPC members have already either resigned or walked away ... the 'virtue' have been spent.

I once thought rather highly of OLPC using Linux, but now, it's over.

Anyway, if you want to help those poor and undeveloped nations, a sudden introduction of laptop to every kid is NEVER THE RIGHT THING TO DO. It is causing a cultural shock !!! I doubt Negroponte have considered the mental impacts a forceful and sudden introduction of these products into the live of these kids might have done... we do not know what happened to the kids mentally... and it needs some research.

I think all these poor kids needs are basically just proper schools , chairs , tables and utilities... not overly high tech laptop. The basic stuff is always the best to start first.

Friday, May 16, 2008

Derby database in applications and why I don't like it

I have tried using some applications that uses Derby as the backend (I wouldn't want to pinpoint the products) and when the product is started, it takes a very very very long time for the derby to initialize (because one particular produce have a tool tip when you mouse over to tell you the status) . It took nearly more than 2 minutes to initialize. On the other hand, I have made a couple of applications using H2 database as backend. I didn't use the latest H2 and it's those around version 1.0.65 for H2. The speed difference was so different. It quickly started and the apps took only less than 2 minutes or even 1 minute and below.

Just a side note, H2's jar file contains: SSL Server , TCP Server , Postgres Server (to allow Postgres protocol) , command prompt shell , Web base console , database engine , JDBC and allow both client-server and embedded mode.

I doubt if Derby's jar file even have an interactive console like H2's or have the array of tools packed in like H2's.

When I first used Derby, i have no idea how to start it or even run it. It's so unfriendly and you need to hit in chunks of commands into your OS's command console/prompt. For H2, all I need is click on the H2 jar file and it would add a small task bar icon in my OS and pop up a web page with a friendly console GUI.The web console comes with some GUI goodies like auto fill in forms ...etc... It's so much more presentable and easier to use than Derby. When I use H2, the first thing I felt was me being impressed by how well it pressed and how simple... all in the click of a jar file and web based GUI consoles come to your aid. If I need another session , I just go to the task bar, click on the H2 icon and another session is there. If I want to terminate the database , I just exit the icon

Overall, the minute I use H2 , I am not so badly lost as Derby. For the Derby team... if you want to be any better than H2, first start from redoing your appearance and usability.

Another thing, imagine your applications with backend have some SQL problem and you need to debug it in the deployment machine but you don't have any other tools except the jar files. For H2, you just need to click the jar files, key in the connection path , username and password and you can start to debugging , restoring any corrupted databases , backup (hot and cold) ...etc... no complications. Derby ... up till now, I tried to get into the Derby database of the applications containing Derby which I refuse to pinpoint earlier... and I still haven't got an idea to access it's database. Maybe I am a noob in using Derby. From this scenario, if you are a developer or maintainence officer, I think you are more likely to choose to maintain H2.

So from here, H2 wins hands down not only on the usability and ease of using and more hassle free than Derby, H2 won because it has lots of tools equiped inside it's smaller than 2 MB jar file. Can Derby do it ? Yes ... but are they moving towards it and effectively be seen as equals to H2 to my view ? No .

Derby developers, you have lots of usability issues.

H2 developer(s) and to it's chief , Thomas Mueller, well done ... continue on the good work ! :D

After the good first time experiences from H2 , I have rather become a fan of H2 because of the good impressions.

Laptop checks in border crossing


Well, USA was once famed for it's liberty but it's liberty and freedom is all spent and squandered and the trust have been all used up. Indeed this is what they call liberty and freedom... hmmm....

This age, there is and already is absolutely NO LIBERTY OR FREEDOM. Those with a dream of liberty and freedom is as good as a wasted dream or either, you really have to fight an upwards stream and bring about a revolution of culture to bring back liberty and freedom and to secure the hearts and trust of people.

Anyway, back to topic, it looks like those customs officials would make it a headache for you when you cross into their borders with electronics. This is not confined to just the USA and Britain, this is true to most of the countries these days when they are so paranoid about the content you bring in inside your electronic device.

Encryption wouldn't work anymore since they would give you a bad day, 'torture' or literally torture you until you decrypt your stuff and surrender your passwords and contents.

As Schneier said, it's best that the data or information is not there and not available on the machine. So get yourself some data shredding tool like AxCrypt or other cryptographic software that can safely shred your files to leave no trace for recover. If somethings' not existing, then no one knows... the safest bet.

I thought of another way to allow you to use a computer without bringing in any machines. Get yourself a Linux LiveCD (this works for Linux users) and that's all you need. Find a computer and boot from the Live CD (don't install it !) and just use the Live CD to connect back to your company's VPN (make sure the VPN has SSL protection) and you can start accesing your company stuff.

Another way is not to bring anything and don't do anything... that's the best thing there is...

Friday, May 9, 2008

Dangerous SP3 for Win XP

I doubt if those Microsoft developers did properly checked SP 3 before releasing it. Imagine if the user is using Win XP Professional for mission critical stuff ... I doubt they would like what happens. I guess those developers are sleeping on their jobs again ?

I think Microsoft products are getting worse down the line since all they care is to gain more $$$$$ and more people using their stuff... so all they care is to rush and push out something rather than making their software products robust enough to handle daily 'wear and tear'.

Maybe it's really time to consider using Linux ... but the desktop for Linux needs lots of improvement. If Linux desktop were to improve a bit more for the dummy and noobs to use, then I would consider moving all my stuff to Linux without a second thought.

I don't like the XP I am using since it's slow , jams frequently and easily crashes (done that aon many occassions) but I don't like the desktop and usability of Linux either. I expect more from Linux.

Bit Torrent improvement suggestions

Since the so called righteous authorities likes to go around tearing down what they considered as bad... I think drastic measures of defense is needed to defend.

TorrentSpy have been demolished because of a cour order from MPAA.


What Bit Torrent could have done is to add a technology that would allow clients to become mini trackers too. So if the supposed 'Justice people' wants to take the trackers down, they have to kill off all the clients ... which mean no BT.

Humans have really corrupted and made the world a bad place to live.

Sunday, May 4, 2008


I was looking through many databases (pgsql , oracle , mysql , derby , h2 / hsql ) and I have not noticed any database that stores their data in an XML format. I thought maybe there should be a database that stores data into XML files as the default database files so that the benefits of XML can be exploited.

By using XML as database files, the benefits of XML that can impart to such XML database files are:
  • easy for porting and development
  • vendor , programming/scripting platform and OS neutral
  • easy to read literally
  • can be easily extended and scalable
For now, I have created a basic skeleton of the XML database file format (.xmldb) and it is made in a way that it can be extended and each portion of the XML does what it is suppose to do.

The main rationale of thinking of the XMLDB is simply because the very fact that every database use their own file format and it would be difficult for databases to share database files when necessary and when developers need to write some programs between databases, they need to know the format. XMLDB would be so versatile and easily extendable.

Just imagine XMLDB as a CSV database file but in a more complex , more defined and more structured version.

I am not sure if someone already have or implemented this idea exactly or very similarly to my idea. If there is, my ideas came not from reading your ideas but my ideas just came... so I am not copying anyone but just plain coincidence.

I hope that XMLDB could be adopted and used in many databases like how H2 database is able to not only handle it's own file format but also CSV format and maybe XMLDB may even make it into being a stable client-server , cluster and embedded database ?

I don't wish to patent or license this XMLDB if no patent or license ever existed and if someone, having read and decided to adopt this XMLDB as their patent and/or license themselves or for someone, then may the person's patent or license fail to be approved (this is a literal curse) and if they did it in the name of business, then their business (All) would fail badly and bring them to their knees. If a patent of license already existed before, then there's nothing I can do.

Just to clarify, XMLDB is about the file format and the engine format. I would specify more about the specs of the file format and engine format for those who wish to implement and modify it.

Friday, May 2, 2008

Dynamic Extendable SQL

I was coding some software that involves a need for a database as a backend and I was wondering how troublesome it is to always need to edit the SQL codes if the database developers decides to change the SQL commands in an upgraded version for some reason or maybe, what if I need to change another database and their SQL command have some differences ?

I thought that one of the most important thing a software that requires or relies heavily on a database is to be able to be flexible to fit into and accommodate different databases. For example, you developed a software that uses MySQL database and for some reason, a customer wants it to work on their pgsql (PostgresSQL) or maybe on a Java DB/Derby or a H2 database, you have to re-code your database access classes to handle the changes and maybe H2 or Derby or MySQL's command for backing up using custom SQL commands are different. For MySQL , you use a database dump , for H2, it comes with a command called 'Backup to xxx' to do a backup using custom SQL, I am not sure what Derby uses for Backup since I have not used Derby.

I would like to propose the use of some sort of dynamic method where you store your SQL commands for the functions in some XML or text files and when the function is needed to be changed, all you need to do is re write the SQL command in the file and you are off going again. It should be able to handle SQL injections by the means of using Prepare statements or some specially made statements that can handle SQL injections.

With such dynamic capabilities, you can even extend and be able to add in new commands for SQL too if needed.

So now if your customer needs your software to work on some other database, you can just change the SQL codes to those that are needed and the database connection specs , password and username to the database, could be kept on some sort of secured file somewhere so that your database connections and specs and SQL can be mobile and dynamic... always ready to change and take on new challenges that it might face in future.

Such dynamic power and extendability should give your software an edge over the others.