Monday, January 31, 2011

A Year of Bad Karma from Oracle

Read:
A year after Sun Microsystems was eaten by the always hungry corporate big brother called Oracle, nothing but crap spills from them, blackening the legacy of Sun.

It does not take much more elaboration to see the numerous acts of bad karma done by Oracle.

Sunday, January 30, 2011

Google Loves Censorship

Read:
Google frequently yields to pressure from big companies and governments. How reliable is Google as an unbiased search tool? They even censor legitimate stuff.

Saturday, January 29, 2011

Hate Oracle

Read:
The above is good enough to piss us developers into hating Oracle like poison. How can Oracle's personnel be so rude, as quoted from Kohsuke's blog in the above link:
When the representative of Oracle says it to my face that I should just go find something else to work on, or that I need to immediately stop making [infrastructure] changes or the next email I will receive will be from their lawyers, or when you hear him describe me as a hurdle to the community, I think writing on the wall is pretty clear to me.
I think developers should try to fork whatever projects Oracle wants to kill and then steer far away from the direction Oracle is heading, to avoid any more head-on collisions and getting ourselves into unnecessary lawsuits and legal battles.

I HATE ORACLE

Friday, January 28, 2011

How to prevent leaks

Read:
To truly and effectively prevent leaks, be a hermit. Simply operate on your own, trust no one... and thus employ no one to work for you and never be networked to anyone.

The same principle applies to avoiding computer viruses: have no ports that accept input devices, do not be networked and always be alone.

To elaborate, don't employ government contractors or workers. Don't have a senate or statesmen. You are yourself alone. That is the best way to prevent leaks.

Wednesday, January 26, 2011

Cablegate Search Engine

Cablegate Search Engine: http://cablesearch.org/

A search engine for Cablegate releases.

Definition of Encryption

function Encrypt( key_data_bytes, algorithm ){
   var secret_key;

   if( key_data_bytes.length == algorithm.specifications.length ){
      // the key material already has the length the algorithm specifies
      secret_key = key_data_bytes;
   } else {
      // key processing / scheduling adjusts the key to the right specifications
      secret_key = algorithm.process_key( key_data_bytes );
   } // end if/else block

   var encrypted_data = algorithm.do_encryption( secret_key );
   return encrypted_data;
}

/**
The above pseudo code clearly states my definition of encryption:
The usage of a SECRET KEY with algorithm manipulation. Key processing or scheduling is used to adjust the keys to the right specifications.
**/

Pseudo biocryptography

Read:
Encryption requires an unknown factor called a 'key'. A key usually goes through key scheduling to create a suitable key for the particular cipher. Biocryptography is just encrypting data inside cells by manipulating cellular data rather than electronic data. Once someone gets hold of the cell, what secret is there that cannot be unlocked, since this pseudo cryptography doesn't have any keys to encrypt with?

Friday, January 21, 2011

Pseudo Password Encryption

Watch:
  • http://www.arthursucks.com/2011/01/md5sum-ascii-encryption/ 
You simply use 'echo -n "" | md5sum', which simply sucks. If someone uses your terminal, they can check the history and you are gone.

Another thing to note: hashing a password is NOT ENCRYPTION. Encryption uses an unknown factor called a key (layman's term: a password or passphrase)!

You can also make a rainbow table or, in simple terms, md5 hash all the possible passwords into a table, then look up the hash in it; the entry that matches is the password.

What happens if you simply clean out the history of your terminal / command line? Doesn't that mean you are done and you need to click on the 'Forget Password' link?

Please don't use such a disingenuous way of 'protecting passwords'. Use a proper password manager that uses properly implemented cryptographic ciphers that are tried and tested to withstand attacks, like the AES finalists: Rijndael, Serpent and Twofish.

Hashing is always a bad way to store a password. Encrypting the password with a master password, using a properly implemented cryptographic password manager, is always the way to go.

A password manager I made: PasswordStore.
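
An added example (not from the original post and not PasswordStore's code) contrasting the keyless 'md5sum' output, which a precomputed table can match, with encryption under a master password, where key processing fits the password to the cipher's key size as in the Definition of Encryption post. It uses Node.js's built-in crypto module; the function names and sample passwords are constructed for illustration.

```javascript
// Added example: names and sample values below are constructed, not from the post.
const nodeCrypto = require('node:crypto');

// Same output as `echo -n "<password>" | md5sum`: no key, so anyone can recompute it.
function md5Hex(text) {
  return nodeCrypto.createHash('md5').update(text, 'utf8').digest('hex');
}

// Precomputed hash -> password table over a candidate list, as the post describes.
function buildTable(candidates) {
  return new Map(candidates.map((pw) => [md5Hex(pw), pw]));
}

// Key processing: turn a master password of any length into the 32 bytes AES-256 needs.
function processKey(masterPassword, salt) {
  return nodeCrypto.scryptSync(masterPassword, salt, 32);
}

// Encrypt one stored password under a key derived from the master password.
function encryptEntry(masterPassword, plaintext) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const key = processKey(masterPassword, salt);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const data = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { salt, iv, data, tag: cipher.getAuthTag() };
}

// Returns the plaintext, or null when the master password is wrong or the record was altered.
function decryptEntry(masterPassword, entry) {
  const key = processKey(masterPassword, entry.salt);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, entry.iv);
  decipher.setAuthTag(entry.tag);
  try {
    return Buffer.concat([decipher.update(entry.data), decipher.final()]).toString('utf8');
  } catch (err) {
    return null; // authentication failed: the unknown factor (the key) was not supplied
  }
}

// Constructed sample data.
const table = buildTable(['123456', 'password', 'letmein', 'qwerty']);
console.log('md5 matched by table:', table.get(md5Hex('letmein')));

const entry = encryptEntry('correct horse battery staple', 'letmein');
console.log('right master password:', decryptEntry('correct horse battery staple', entry));
console.log('wrong master password:', decryptEntry('guess', entry));
```

The table lookup needs nothing but the hash, while the encrypted entry only opens with the master password, and the random salt makes two encryptions of the same password differ.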

Wednesday, January 19, 2011

Locked down Android

Read:
Android is becoming a controlled platform like Apple's iPhone, thanks to companies like Motorola who do not respect consumers and their right to modify, nor the openness of Android, which Motorola is deliberately demolishing.
If Google doesn't squeeze phone makers like Motorola to follow the openness of what Android should be, how would Google's fragmented Android platform be any better than iPhone's closed source iOS?

FOSS or the open source community should create a list of non-open source compliant companies and rally a campaign in an attempt to change such a scenario.

UPDATE

Read:
Android's in a mess. Now it's hard to tell who to trust.

Sunday, January 16, 2011

Trend Micro and the Open Source FUD

Read:
Another Open Source FUD by 'famous security experts' who don't know what they are really talking about. Open Source can be very powerful and safe, as people can review your code and make suggestions and patches to fix flaws. It is the common FUD about Open Source, popularized by certain huge organizations (including Trend Micro) that look down on it, that tarnishes people's view of the Open Source world.

Nothing is perfect... including the closed-source world. Security by obscurity is largely useless these days and seldom applicable anymore, with decompilers, high powered processing units and secure connections in the hands of the common people.

Saturday, January 15, 2011

Thursday, January 13, 2011

You are not safe at US Customs

Read:
What it shows is that you should NEVER EVER bring electronic gadgets to the US. They would be paranoid and be all over you. You are better off properly setting up a SECURE SSH server and then using whatever computers and internet access are available to SSH in to your server and work there.

Obviously the agents weren't happy when they found nothing. They were expecting to find a huge trove of juicy items..... some exciting challenges like an encrypted volume with AES 256 on it with a RSA 4096 key and all the good jazz (especially for the computer forensics guys who love nerdy challenges) so that they could do rubber-hose cryptanalysis on Jacob to find out the decryption keys.

They couldn't even extract the Bill of Rights from the portable device Jacob was carrying.

The best case is to totally avoid travelling to the US for a holiday, and if there are business contracts, it's better to use conference calls than to travel there, to avoid all the hassle if possible.

Pentagon Insecure

Read:
If the Pentagon could not handle such a simple thing, what bigger things could the Pentagon handle? Could US citizens trust the Pentagon to protect them?

Solution for HTML 5 Video tag

EDITED: 14 Jan 2010

Read:
The same stupidity of HTML 5 all bloated with ego of whoever is involved whether it be Google, Apple, Microsoft, Mozilla, Opera or whoever else that is inside.
A good solution is to support all formats (since the video tag allows specifying many video options) be it AVI, MP4, WMV, OGG, WebM, H264... everything. If the basic browser cannot handle the format, it would keep trying to look for available formats in the HTML 5 codes and if all options are exhausted without a satisfactory answer, it would look for a VLC or MPlayer or Quicktime or WMP plugin or some media player plugins and use these media players to execute it.

Just get this troublesome HTML 5 thing going rather than squabbling about H264 or OGG or WebM stupidity.

If nothing can be agreed upon, then a forced truce whereby H264, WebM and OGG MUST BE SUPPORTED OR IT IS NOT HTML 5 VIDEO COMPLIANT !!!

If all else fails, simply scrap HTML 5 video and make it an optional / experimental item and revert to proprietary Flash video, or the simplest option, a good old hyperlink for download.

I don't like the way Peter Bright from Ars wrote that article, although I referred to it in the above reading list. His arguments are flawed, by the way.


Wednesday, January 12, 2011

LibreOffice for Ubuntu

Read & Try: 
For Ubuntu 10.10 and 10.04.

Frustration of H2 consumers

Many people have taken the beauty of the H2 database for granted and have asked for designs like compatibility with Oracle, MySQL and other databases.

Many have forgotten that H2 database IS H2 database... and not MySQL, Oracle .... whatever they are asking for. H2 is such a well thought out design, that people have simply been asking for ridiculous feature requests.

For consumers of H2 database, DO NOT EXPECT TO BE ABLE TO USE THE FULL ORACLE OR MYSQL OR OTHER SUPPORTED DATABASES SYNTAX.

Another downside of supporting too many database syntaxes other than the standards or H2's own syntax is the slow bloating of H2.

H2's goal is to be lightweight, with a jar file of around 1 MB, not some totally bloated... everything can do database system.

I hope consumers can have some consideration for the H2 database and its brilliant developers who have made such a fascinatingly powerful database.

Yes, things do break and can be frustrating (when using H2) but this is the same for all other software applications. Some impatient consumers would simply swarm to the H2 database forum, switch on their Caps Lock and type a message for help expecting an immediate fix.

Rather than complaining, consumers should actively try to support H2 and its team by helping out with creating patches if they think they are up to it, or by submitting some useful source code they hope could be included in future H2 releases.

I have personally done some hacking with H2 to get what I want from it since I acknowledge that H2 cannot always fulfil the features I want.

I hope H2 consumers could be patient with the H2 team and not be unreasonable with feature requests while always keeping in mind H2's goal (I don't mean to stop everyone from submitting their feature requests, but be tactful and considerate).

Tuesday, January 11, 2011

Pot calling the kettle black

Read:
Microsoft is doing it simply so they can benefit as well from terms like 'App Store'. Both of them, Apple and Microsoft - one is a kettle, other is a pot... - are all black to start with.

Saturday, January 8, 2011

Tyrannical Act of Targeting Wikileaks Supporters

Read:
When will the US Govt ever realize that many of their acts against Wikileaks are not only unconstitutional and against the freedom of the people of their own nation, but also against citizens of foreign nations?

Has the US Govt become a breeding ground for lawless and reckless political decision making that is hypocritical and dangerous to themselves and others?

When will such a reckless and stupid government ever realize its own mistakes and hypocrisies and act to correct them quickly and earnestly with full unreserved effort?

Thursday, January 6, 2011

Don't frequent your forums

Read:
This blog is good advice and it's true that you need to filter the good ideas from the bad ideas in a forum. It isn't something easily done at all, and users can give ideas that really spoil the next version or release of your software. But that doesn't mean that you should ignore ideas.

I personally feel that it is a balance between visiting a forum, taking in ideas and criticism, and trying to stay focused and true to your project goals. It is very hard to give a sweeping statement like 'don't visit the forums'. No... it's a sweeping statement anyway, and too extreme. I would still advocate visiting the forums to find some ideas, but it's up to the project leader to balance the fulfilment of ideas from users against the main project goal through retrospection and self-understanding.

If people have something personal and negative in their hate messages... all you do is smile at them and leave them as they are, or if you are an admin, you simply ban them and remove their messages for committing personal insults.

Things like feature request trackers and Bugzilla are for submitting bugs and feature requests anyway. These are the places bugs and feature requests should go... rather than forums.

In the art of Knowledge Management in IT, a forum is a good place to find ideas, but because it's a place that is rather 'fuzzy' it can be a 'love-hate' affair. It is nevertheless a place to go, but it all boils down to attitude, goals, principles.... the things that guide the person who drives the project. The people out there can say all they want.. helpful or not helpful stuff... but it is the people in the project rather than the people sharing their ideas that matter when it comes down to project planning and design.