Wednesday, April 9, 2014

Heartbleed and the importance of tracking software

Many people have pointed to Heartbleed (see heartbleed.com) as a reason for more extensive code audits of this core piece of software. I, however, see another thing we should consider doing. Personal computers should have an easy way to update every program on them that could be affected, along with the libraries or code those programs depend on.

The catch is, this exists in the server world. We have many ways to audit servers, defend against these problems, and update quickly when an exploit is found. The user side, however, is a slightly different story. Many people forget that Heartbleed is not just a server-side exploit but a problem in the core OpenSSL library. That means any tool that uses an affected version, possibly even web browsers if they use OpenSSL, could be vulnerable. However, with the exception of Linux distros (such as Debian), there is no easy way to keep all our applications up to date.

One may point to the OS X App Store or the Windows Store introduced in Windows 8, but this is not sufficient. Both are more concerned with verifying the creator than allowing open usage. Why are many open source apps not on the app stores? Because the terms on the app stores violate the GPL license terms explicitly. Not only that, but it often costs money to get keys to develop on a system. This goes against the idea of open source software. It limits the ease with which developers can switch off and contribute builds, etc. Instead, Apple and Windows need to reach out to open source developers to make it easier for open source software to appear in their given stores.

So in closing, while Heartbleed is being patched on servers and everyone rushes to expand auditing of OpenSSL, please think about better software tracking and updating to help prevent similar browser-side exploits from having an extended attack surface.

Tuesday, April 23, 2013

Predicting the Internet

Sometimes the internet is hard to predict. Actually, I would go so far as to say it is almost unpredictable. So first I would like to gloat for one line:

I was right on with Weave. Almost all modern browsers (Opera, Chrome, Firefox) now offer built-in bookmark synchronization.

And sometimes you are wrong, but not always entirely. This would be the case with Ubiquity. If you have not read my old post (and it's probably not worth going back to read currently), you would no doubt have noticed that Ubiquity has disappeared in Firefox, a forgotten remnant of the past. Not all was lost, however. Many of the features are maintained in Firefox, such as the ability to switch tabs using the navigation bar, or the built-in translate function in Chrome. Although it in itself is dead, I hope many of the ideas used will crop up in future software.

Monday, July 23, 2012

Terminal Editors for Quick Coding

I have recently come to realize that editing files in the terminal with the right set of tools and commands can be far quicker than working in a standard text editor. The biggest disadvantage is that you cannot click where you want your cursor to be, which can severely slow things down until you realize there are better ways to find things in a console program anyway!

So first a quick rundown of advantages of using a console editor:


  • Quick find/replace on large files with no mouse interaction
  • Very powerful keybindings
  • Powerful external execution commands

It is amazing how much work has been put into these tools. Imagine all the work put into Microsoft Word, focused on a terminal editor!

My current tool of choice is vim, an enhanced version of the vi editor which in itself is built on the old ed line editor. I am just going to tick off the most commonly used commands that make using vim easier for me. Remember, escape will put you in command mode if you are in insert or replace mode.

Basic operation:
  • I: Insert text at the beginning of the line
  • i: Insert text at the cursor
  • A: Append text to the end of the line. Although there is a key for automatically going to the end of the line, I find it easier to just use this and press A to get back to command mode.
  • Control-U/Control-D: Move half a page up or down. Good if you just need to see a little more of the surrounding code, or are looking for something but do not know exactly what it is called for a search function.
  • x: Delete one character at the cursor.
  • dd: Delete a line (Also used for cut)
  • yy: Copy a line
  • p: Paste after cursor (or if it's a line, paste after this line)
  • u: Undo

These are the most basic commands you need to be functional. Insert, delete, cut, copy, paste, and search.

More Operations:
  • /[expression]: Search for a string. This can be a regular expression. Pressing n will find the next match.
  • ndd: Where n is a number of lines. Multiple delete. Works with yy, x and several other places.
  • d/[expression]: Delete until this expression matches. Good for deleting till the end of a programmatic statement. Can also be done with y and other places.
  • D: Delete to the end of the line
  • ~: Possibly one of the lesser used operations until you realize it is useful. Changes letter case.

These next operations are command mode operations. You do these by pressing the : key.

Command Mode Operations:
  • [LINENO]: Simply enter a line number and it will jump to it
  • %s/expression/replacement/gc: Searches the file for expression, every time it is encountered it will prompt you to ask if it should replace it with the replacement. If you do not want it to prompt, remove the letter c at the end. Nice for renaming a variable quickly or removing a typo you made multiple times.
  • g/expression/command: Where expression is a regex and command is a vi command (such as d, which would cause it to delete the line). Runs the command when it finds a matching regex.
  • % ! sort: Sends the file to the sort command and puts the response back into the file. Note that % stands for the entire file. Ranges can be used instead.
  • !wc %: Runs wc with the entire file as the input. Simply gives you a response but does not alter the file.

An interesting thing about vi is it also has a "visual" mode. For this, you press control-v and select what you want. Then you can use a command such as x (remove the selected area), I (insert in front of the selected lines), s (substitute the first character and keep typing), and more. I personally like this feature to fix indents. There may be a better way, but to delete an indent, just select the indent length, go down as far as you want, then just press x. This is far easier than typing 4x on each line. For adding indents, this is also very helpful as you can select the line, use I, and add four spaces (or however many you need).

VIM is a very powerful tool once you start using it, but it is not for everyone and it does have a learning curve. Until you learn a few functions, it will be very annoying. The mix of command mode versus typing mode can be very disconcerting for a new user, but I have found that I like it quite a lot. Those who want something else may like emacs, or if you prefer a smaller emacs, Linus Torvalds recently posted in a G+ post that he personally likes uEmacs/PK 4.0.

In the beginning, command line editors can be far slower than notepad and other editors out there, but with a little practice, you will easily outpace your wordpad editing friends. xD

Monday, December 14, 2009

Java For-Loop Efficiency: .size()

Many majors in most colleges require Comp Sci to some degree, generally teaching Java. I have always found the underpinnings of languages very interesting, so this may bore some of my readers, and for some, it may catch your interest.

This makes perfect sense, but I do not think many people realize it. It is better to allocate a variable outside a for loop as opposed to using a .size method inside it. Of course, being ever curious, I decided to test this. Below is the code I made (yes, it's bad, but it was written quickly).


    import java.util.ArrayList;

    public class Tester {

        public static void main(String[] argv) {
            // Build a 30-element list of alternating "a" and "b" strings.
            ArrayList<String> test = new ArrayList<String>();
            for (int i = 0; i < 15; i++) {
                test.add("a");
                test.add("b");
            }
            System.out.println("The array has " + test.size() + " objects");

            // Time the loop that calls .size() on every iteration (on a copy of the list).
            long startTime = System.nanoTime();
            withSize(new ArrayList<String>(test));
            long timeDiff = System.nanoTime() - startTime;
            System.out.println("With bad coding style :" + timeDiff);

            // Time the loop that reads .size() once, before the loop starts.
            long startTime2 = System.nanoTime();
            withoutSize(new ArrayList<String>(test));
            long timeDiff2 = System.nanoTime() - startTime2;
            System.out.println("With good coding style :" + timeDiff2);
        }

        public static void withSize(ArrayList<String> ar) {
            // ar.size() is evaluated on every pass through the loop condition.
            for (int a = 0; a < ar.size() - 1; a++) {
                ar.set(a, ar.get(a) + ar.get(a + 1));
            }
        }

        public static void withoutSize(ArrayList<String> ar) {
            // Notice that ar.size() is not in the loop
            int b = ar.size();
            for (int a = 0; a < b - 1; a++) {
                ar.set(a, ar.get(a) + ar.get(a + 1));
            }
        }
    }

You will find pretty consistently that the second loop executes quicker. As for memory allocation assigning int b outside a loop, an int is a 32 bit object, which is really not much considering how big we make our memory and that it will be dealloc'd after the method completes. Of course, the time difference is in nanoseconds, but over time I am sure the for loops in code do build up, especially as code gets longer and longer.

An important, almost ironic note: this will not work on Windows, as the timer does not have a good enough resolution.

Sunday, December 6, 2009

Midnight Madness

So, it's midnight again. Half awake, half asleep, more homework to do, but I don't want to do it. I am sure everyone here has had that feeling of oncoming dread that is work, or even worse, last minute assignments before exams.

So what is my solution? Google!

Yep, that's right, Google to the rescue! Google is the mastermind of anything. Is there anything Google cannot do?

Give it another year, and we won't even need to click dial to order pizza. Google will know our preferences via our search habits; we will just search it and Google will call and order pizza for us! Google pioneers everything. Try to go a full week without hearing something about Google. Let's just face it, Google is awesome, and the ultimate distraction!

Wednesday, December 2, 2009

Weave: The future of cross-computer browsing

Every browser implements bookmarks in some way, and almost every type of user, regardless of technical skill level, uses them. Browsers are made initially for an audience, and then shaped into a perfect fit for a person.

What makes Firefox so great? Why do people love it so much?

Personalization

That's right, the ability to add their own plugins, and set up features just the way they like it. Every time I use Internet Explorer or Safari on a friend's computer, it almost always feels the same; with Firefox, it feels different. Every time you open it up, the user has different plugins, different awesome-bar results, themes, etc. Google knows that the browser is a personal experience, hence their implementation of the uni-bar idea in the Google Chrome browser.

But I digress. My point is that the browser becomes a personal experience: it knows what you commonly open, it can save passwords, it can hold bookmarks, and when you go to a different computer, it just does not feel the same. So how do you make your computers feel the same? When you go from your desktop to your laptop, how do you keep everything you have on one with the other? The answer is simple: Weave.

Weave is a plugin for Mozilla Firefox being developed in Mozilla Labs. It allows you to sync *everything* in Firefox, from search results, to bookmarks, to your open tabs, to your passwords, and what's more, it does it securely. That's right, a completely secure way to transfer all of your data.

For the more technical readers, the security system goes something like this. You create a name and a password on the server so you can retrieve your data. Then your data is encrypted by a locked key. When you try to retrieve your data, it first sends you the key that you must unlock with a super secret passphrase. Everything you send is encrypted before it hits the server and is decrypted only at the end computer. The server has no way to read the data since it never sees your passphrase.
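The scheme described above, as an added Node.js sketch that is not Weave's own code: PBKDF2 and AES-256-GCM are assumed algorithm choices, and the function names and sample data are constructed for illustration. It shows that the server copy holds only a locked key and ciphertext, and that a wrong passphrase fails to unlock the key.

```javascript
// Added illustration of the passphrase-locked-key model; not Weave's real code.
// PBKDF2 and AES-256-GCM are assumed algorithm choices for this sketch.
const crypto = require('crypto');

// AES-256-GCM helpers: sealed output is iv (12) || auth tag (16) || ciphertext.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), body]);
}
function open(key, blob) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // throws if tampered or wrong key
}

// Stretch the secret passphrase into a key-wrapping key. Runs only on the client.
function wrappingKey(passphrase, salt) {
  return crypto.pbkdf2Sync(passphrase, salt, 200000, 32, 'sha256');
}

// First computer: create a random data key, lock it with the passphrase,
// encrypt the record, and return only what is uploaded to the server.
function firstSync(passphrase, record) {
  const salt = crypto.randomBytes(16);
  const dataKey = crypto.randomBytes(32);
  return {
    salt,
    lockedKey: seal(wrappingKey(passphrase, salt), dataKey),
    record: seal(dataKey, Buffer.from(JSON.stringify(record))),
  };
}

// Second computer: download the locked key, unlock it locally, decrypt the record.
function restore(passphrase, stored) {
  const dataKey = open(wrappingKey(passphrase, stored.salt), stored.lockedKey);
  return JSON.parse(open(dataKey, stored.record).toString('utf8'));
}

// Constructed sample data standing in for synced browser state.
const sample = { bookmarks: ['https://example.org/'], openTabs: 2 };
const serverCopy = firstSync('correct horse battery staple', sample);

function demo() {
  const restored = restore('correct horse battery staple', serverCopy);
  let wrongRejected = false;
  try { restore('guess', serverCopy); } catch (e) { wrongRejected = true; }
  // What the server stores must not contain the plaintext bookmark.
  const leaked = Buffer.concat(Object.values(serverCopy)).includes('example.org');
  return { restored, wrongRejected, leaked };
}
console.log(demo());
```

The account name and password from the description would only gate download of `serverCopy`; they play no part in decryption, which is why they are left out of the sketch.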

Right now, this program is still in heavy development. Eventually it will let you sync plugins and even sync your bookmarks with mobile devices. Everything is open, and new ideas are as always welcome to this project. I highly recommend everyone take a look at this. If worst comes to worst and your computer crashes, your bookmarks will be safe. :P

Sunday, June 21, 2009

Linux VS Mac VS Windows

I am tired of the constant battle over which computer is better. Some people are completely set on Windows and will defend it to the very end, others insist on the ultimate power of the Mac, and finally, a handful stand strong for under-appreciated Linux.

People constantly say one is the best for everything, but anyone who has worked with computers long enough knows that there is not necessarily one best solution for everything. So therefore, I will try to lay out clearly and in plain English the advantages and disadvantages of the three in the way that I see it.

Windows

Although this applies to most modern Windows platforms, I would like to note that I tend to use Windows XP more than Windows Vista, so the review will tend to favor that version.

Advantages:
  • Most common OS in the world, with millions of apps worldwide made for it
  • Easy to use, yet with a decent degree of easy to get to control.
  • Program for anything you need, almost anything you can find on another OS, you can find on windows
  • Standardized installers and all applications have a very uniform look and feel
  • Computer itself with basic OS is cheapest
  • Can be virtualized

Disadvantages:
  • Worst memory management of the three
  • Difficult to customize
  • Applications have to be updated separately using their own updaters
  • Common Microsoft apps are expensive, plus licensing issues can crop up.
  • Most computers put a lot of trialware and "crapware" on the new computers, making them feel slower.
  • Drivers can sometimes be hard to locate, not work right, or be difficult to set up
  • Although sometimes faster virtualized, it is slightly less efficient as a host and with less virtualization optimizations.

Mac

This is based primarily on OS X, Leopard.

Advantages:
  • Most ease of use
  • Consistent interfaces
  • Can run *some* Windows apps in Wine and some have Mac candidates
  • Most Linux apps can run on Mac OS X, but not all
  • Easiest Application installation
  • Consistent Hardware (No hardware incompatibilities or bad drivers, it's all made by Mac in a controlled environment to allow for this better compatibility.)
  • Most things just work
  • Better memory management
  • Can run other OSs in a virtual machine with high efficiency.
  • App Suites are mostly automatically updated through one updater
  • Always *feels* fast due to handing off a lot of graphics to a dedicated GPU.

Disadvantages:
  • Hardest for fine control and extreme customization
  • Expensive Expensive Expensive
  • Not *all* applications get a central updater, just some
  • Some drivers just are not available for the Mac
  • Cannot write to NTFS formatted disks, which is the most common format for USB disks that are used on Windows computers.
  • Takes some getting used to if you tend to use other OSs such as Windows or Linux
  • Cannot be virtualized

Linux

This is based on general Linux experience, although I tend to use openSuSE, Fedora, Ubuntu, Debian, and some other random distros.

Advantages:
  • Tons of options and choices
  • Drivers for almost everything, possibly the most compatible OS
  • Runs on almost anything, even low powered computers
  • Free, office suite and all
  • Most distros have a single updater which means less background update processes
  • Most customizable
  • Applications for everything
  • Best virtualizing host and memory management.
  • Most degree of control and can be optimized for one's specific machine the best
  • Can read and write NTFS from Windows and can dual boot them all

Disadvantages:
  • Tons of options and choices
  • Complex install and requires knowledge about the OS (AKA, steep learning curve)
  • Highly inconsistent interfaces and many options
  • High terminal text based use
  • *Feels* the most foreign to new users.

It is ironic: Linux's best asset is also its worst pitfall. It is so customizable and so optimize-able that it sacrifices simplicity. If you look, I found fewer disadvantages, but the disadvantages are more notable to the average user than those of the other two OSs.

It is important to note that these are *not* the only three operating systems out there. Others still exist, although these three are commonly considered the most viable for desktop operating systems.

This comparison is geared towards those who have a moderate to low knowledge of computer operating systems, so if you have any questions, feel free to ask them in the comments.