Author: Arie Jones

Maintaining the Security-Worthlessness of Java is Oracle’s Priority

Nandini Ramani, leader of Oracle's Java development, wrote an interesting blog post last week on all the security vulnerabilities that have been plaguing Java recently. Actually, it was more of a defense along the lines of "Hey, it's hard writing software and we have to follow these procedures that are REALLY complicated". Let's look at some of what was said.....

"Over the past year, there have been several reports of security vulnerabilities in Java, primarily affecting Java running in Web browsers."

Well, it hasn't been just reports. That makes it sound like a bigfoot sighting or something. These were very serious security holes that Oracle tried not to respond to publicly, instead just releasing patches as quickly as possible. Like those horror movies where the woman is hunkered down in the closet with the baddie in the bedroom, saying "please don't find me.....please don't find me".

"Whenever Oracle makes an acquisition, acquired product lines are required to conform to Oracle policies and procedures, including those comprising Oracle Software Security Assurance. As a result, for example, the Java development organization had to adopt Oracle's Security Fixing Policies, which among other things mandate that issues must be resolved in priority order and addressed within a certain period of time."

Well, except that Oracle has owned Java since 2009. Sorry guys, it's 2013 and these procedures should be much more fluid by now. That and the...

Read More

SSIS Row Comparison By Checksum

I recently ran across an SSIS package that needed to be rewritten and that included the Checksum Transformation from SQLIS.com. The main reason for the rewrite was that they wanted the component removed, because they were using it to compare rows instead of using something like the Slowly Changing Dimension (SCD) transformation. While their process seemed solid on the surface, it was not accurately identifying changes in certain columns. Right away I knew that the issue was related to the columns in question being text data types. I knew this specifically because, A LOOOONG time ago, I had written a database comparison tool that used checksums as part of its data comparison algorithm. The problem stems from the fact that SQL Server's CHECKSUM, and really a lot of checksum-based comparisons, cannot handle certain types of fields. Specifically, from MSDN:

Syntax
CHECKSUM ( * | expression [ ,...n ] )

Arguments
* Specifies that computation is over all the columns of the table. CHECKSUM returns an error if any column is of noncomparable data type. Noncomparable data types are text, ntext, image, and cursor, as well as sql_variant with any of the above types as its base type.

Now, while the component doesn't necessarily use the CHECKSUM function within SQL Server, it still suffers from the same limitation. You do however have some options....
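To see the limitation quoted above, and one way around it, here is an added T-SQL example. It is my code, not the author's package and not the SQLIS Checksum Transformation; the table name, columns and rows are constructed for the demo. It shows why hashing only the "comparable" columns silently misses edits to a text column, and how casting the text column to varchar(max) and using HASHBYTES brings it back into the comparison.

```sql
-- Added example; not code from the original post or from the SQLIS
-- Checksum Transformation. Table and rows are constructed for the demo.
IF OBJECT_ID('dbo.CustomerNoteDemo', 'U') IS NOT NULL
    DROP TABLE dbo.CustomerNoteDemo;

CREATE TABLE dbo.CustomerNoteDemo
(
    CustomerId   int          NOT NULL PRIMARY KEY,
    CustomerName varchar(100) NOT NULL,
    Note         text         NULL   -- legacy, noncomparable type
);

INSERT INTO dbo.CustomerNoteDemo (CustomerId, CustomerName, Note)
VALUES (1, 'Alice', 'Original note'),
       (2, 'Bob',   'Another note');

-- 1. CHECKSUM(*) fails outright because Note is text. Left commented out
--    so the rest of the script runs; uncomment it to see the error.
-- SELECT CHECKSUM(*) AS RowChecksum FROM dbo.CustomerNoteDemo;

-- 2. The tempting workaround is to hash only the comparable columns.
--    That runs, but an edit that touches only Note is invisible to it,
--    which is exactly the "missed changes" symptom described above.
SELECT CustomerId, CHECKSUM(CustomerName) AS PartialChecksum
FROM dbo.CustomerNoteDemo;

-- 3. Fold the text column in by casting it to varchar(max), and hash with
--    HASHBYTES rather than the 32-bit CHECKSUM, which collides easily.
--    The '|' delimiter keeps ('ab','c') and ('a','bc') apart (pick a
--    delimiter that cannot occur in the data, or length-prefix each
--    column); the sentinel keeps NULL and '' apart.
--    Caveat: before SQL Server 2016, HASHBYTES does not accept inputs
--    over 8000 bytes, so on older releases guard long notes with
--    DATALENGTH or hash them in chunks.
DECLARE @Snapshot TABLE (CustomerId int PRIMARY KEY, RowHash varbinary(32));

INSERT INTO @Snapshot (CustomerId, RowHash)
SELECT CustomerId,
       HASHBYTES('SHA2_256',
                 CONCAT(CustomerName, '|',
                        ISNULL(CAST(Note AS varchar(max)), '<NULL>')))
FROM dbo.CustomerNoteDemo;

-- 4. Change only the text column, then compare current rows against
--    the snapshot. Row 1 now reports as changed, row 2 as unchanged.
UPDATE dbo.CustomerNoteDemo SET Note = 'Edited note' WHERE CustomerId = 1;

SELECT s.CustomerId,
       CASE WHEN s.RowHash = HASHBYTES('SHA2_256',
                 CONCAT(c.CustomerName, '|',
                        ISNULL(CAST(c.Note AS varchar(max)), '<NULL>')))
            THEN 'unchanged' ELSE 'changed' END AS RowStatus
FROM @Snapshot s
JOIN dbo.CustomerNoteDemo c ON c.CustomerId = s.CustomerId;
```

The same cast-then-hash expression can be computed in a Derived Column or in the source query that feeds the SCD transformation, so the text column participates in the comparison like any other. Longer term, text, ntext and image are deprecated; migrating those columns to varchar(max), nvarchar(max) and varbinary(max) removes the noncomparable-type problem at the source.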

Read More

@MaxCDN: The Proper Way to Handle a Hack

It's not often that I give out praise for how a company handles a security breach, especially one that could contain usernames and passwords. Normally, the scenario is as follows:

1. Deny
2. Deny
3. Stall
4. Cover-up
5. Fess-up
6. Ask for forgiveness and promise to never, ever, do it again

This was not the case today when I was notified by MaxCDN, whom I use for CDN service for the site, about an apparent breach over the Memorial Day weekend. They seem to have quickly identified the breach, closed off the loopholes, and notified me of everything that was going down, including that my password would need to be reset. Actually, they went beyond that: I know for a fact that they immediately expired everyone's passwords, because I found it odd several nights ago that I was prompted to reset my password. At the time, I thought "Oh well, must have been something that I did or didn't do" when in fact it was MaxCDN's team going about ensuring the integrity of the system. Below is a copy of the email that I received from their team. Kudos to the people involved.

Cheers!
AJ

Email Excerpt
———————————————————————

From: MaxCDN
Sent: 5/30/2013 12:42 PM
To: Arie
Subject: Important Security Update: Resetting your Credentials

Dear Customer,

Over the Memorial Day weekend the NetDNA (parent company of MaxCDN) Operations team responded to...

Read More

Windows 8, Is It Really DOA?

Issues or Not?

Over the past couple of days I have read some very interesting posts by people having issues with Windows 8, or perceiving that Windows 8 doesn't have something when it actually does. In particular, this post on Softpedia and this one on Binary Passion illustrate my point. So I thought it would be nice to address each of these and to discuss whether the OS is really DOA or not. The first thing to realize is that the OS is built around the idea of touch-enabled devices, so I am the first to admit that without a touch-enabled screen it's a little more unnatural to move about, but it definitely works once you get used to it. So, in the first article, the author's first point is that Modern applications need to have a close button. Well, this is actually already built into the system in one of two ways... neither of which involves the use of Task Manager. The first is good ol' Alt-F4. Yep, that's right: Alt-F4 still closes the application whether it's a desktop application or a Modern one. The second method involves a gesture, either with the mouse or, if touch-enabled, with your finger: just swipe from the top of the screen to the bottom... that simple. Just like...

Read More

The Future of Bitcoin?

A lot of press has been made of Bitcoin in the last few years, but what exactly is the phenomenon, and how could or would it affect the way that we handle transactions?

Background

For the uninitiated, Bitcoin is a form of cryptocurrency... or more plainly stated, it's a form of digital currency that relies on cryptography and involves a process known as proof-of-work to create and manage the currency. The Bitcoin model is a unique form of cash system in that it is highly distributed: the peers in a peer-to-peer network each hold a copy of a shared ledger, and updates to that ledger propagate across the network rather than through any central server. It's also unique in that, unlike paper currencies, there is a hard limit (21 million) on the number of Bitcoin that will ever be produced, and further that the currency can be subdivided down to eight decimal places... Strange, I know, but once you get past the formulas and the scientific blah blah blah... it is really quite a simple process:

1. Bitcoin nodes (the miners) are the entities responsible for handling transactions.
2. Transactions are collected into what is known as a block.
3. The nodes then "work" on finding a solution to a computationally expensive puzzle over the block: the proof-of-work, which means finding a value that makes the hash of the block header fall below a target.
4. Once a solution is found, the node finding it broadcasts the block to the collective and also gets paid with some newly created "coins".
5. Rinse...

Read More