Thursday, April 28, 2011

Sony PlayStation netWork hacKing eXplained

SONY now says that PlayStation user credit card info was encrypted (at some level) - but they continue to suggest that the relevant tables may have been accessed.
"The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack."
Very sophisticated indeed.

SONY has posted this FAQ. It includes this paternalistic gem:
"For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information"
Mind you, SONY did not take much care with that user personal information.  "We will not give out your information."  We will not do much to protect it, either.

Wednesday, April 27, 2011

SONY PlayStation network user credit card info hacked

 
The SONY admission that a hacker may have accessed all user info short of credit card 4-digit CSCs should lead to a class-action lawsuit in the USA.

Users should have had the option to use their hardware as the basis for a public-private key encryption of personal information.

The main reason not to do so is greed: SONY required access to pursue fraud and non-payment.  Let SONY now balance this against their present plight.
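The design suggested above, as an added sketch that is not from the original post: the device holds the private key and the database row holds only ciphertext, so a dumped table yields no readable strings. The function names, the sample user, and the choice of RSA-OAEP wrapping an AES-256-GCM key are assumptions; the post names no scheme. The cost is the one the post points to: the operator cannot read the record either.

```javascript
// Added illustration; every name here is hypothetical, not Sony's code.
const crypto = require('node:crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Runs on the user's hardware: the private key never leaves the device.
function enrollDevice() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  return { privateKey, publicPem: publicKey.export({ type: 'spki', format: 'pem' }) };
}

// Runs on the server: seal one profile so the stored row has no plaintext.
function sealProfile(publicPem, userId, profile) {
  const dek = crypto.randomBytes(32);          // fresh AES-256 key per record
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', dek, iv);
  cipher.setAAD(Buffer.from(userId));          // bind the ciphertext to its row
  const body = Buffer.concat([cipher.update(JSON.stringify(profile), 'utf8'), cipher.final()]);
  return {
    userId,
    wrappedKey: crypto.publicEncrypt({ key: publicPem, ...OAEP }, dek).toString('base64'),
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    body: body.toString('base64'),
  };
}

// Runs on the device: only the private-key holder recovers the profile.
// Throws if the row was altered or copied under another userId.
function openProfile(privateKey, row) {
  const dek = crypto.privateDecrypt({ key: privateKey, ...OAEP }, Buffer.from(row.wrappedKey, 'base64'));
  const decipher = crypto.createDecipheriv('aes-256-gcm', dek, Buffer.from(row.iv, 'base64'));
  decipher.setAAD(Buffer.from(row.userId));
  decipher.setAuthTag(Buffer.from(row.tag, 'base64'));
  const plain = Buffer.concat([decipher.update(Buffer.from(row.body, 'base64')), decipher.final()]);
  return JSON.parse(plain.toString('utf8'));
}

// Constructed sample data.
const device = enrollDevice();
const sample = { name: 'Alice Example', email: 'alice@example.test' };
const row = sealProfile(device.publicPem, 'user-1001', sample);
console.log('plaintext visible in stored row:', JSON.stringify(row).includes(sample.email));
console.log('recovered on device:', openProfile(device.privateKey, row).email);
```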

In all likelihood Oracle relational databases were used by SONY.  Storing strings in relational tables is easy for the developer and a joy for the hacker.  But what functionality could have required relational tables for the personal information of users? Well, it may have made things easier, faster and cheaper for the SONY info tech folks.  Manager gets bonus but users get ...

Sadly, the focus now is likely to be on network security.  And a Master appointed to advise a judge would likely come from the world in which Oracle DB tables are the norm for any and all data.

Access to data should have been on a process basis and no hacker should have been able to fork such a process: only such a process should have been able to convert that data into readable and usable information.

So ... had SONY used Erlang, would their customers be in this sad situation today?  And that is only one option from their asset stables.

Users will have a different view: regardless of the technology in play, they should have been notified pronto.  Forget KISS, CRUD and ACID. The term of the day is PRONTO.

With any luck, the hacker was in for cred and not credit cards.  But SONY is a giant and this should be a sobering moment for corp IT that is public-facing.  And for users? Well, caveat emptor.  And then get a lawyer with a proven record in class actions.

Monday, April 18, 2011

Western Digital WD MyBook Premium HID 1394 Firewire external drive problems

When we relocated, I parted with a number of old office DVDs.  I have owned a few external Western Digital hard drives and it seems that the DVD for my current MyBook went the way of "all the things".

Since that time my UPS failed after repeated brown-outs here up the Saint John River near the hydropower station.  One victim recently was the WD MyBook.

Like most corporations, I remain on Windows XP.  One of the drawbacks of XP is its ability to handle Firewire.  Then there is the firmware in the WD enclosure.

The problem was simple: XP refused to recognize the drive, and if it did, it would give a code 10 error for "device cannot start".  It would usually take over an hour to get the drive up.  A cold reboot in safe mode and then a cold shutdown followed by a normal restart would sometimes result in my being able - after several attempts - to get the device to spin up.

On one occasion, using the hardware device manager to enable and then again disable 1394 networking resulted in the happy result.  On other occasions, an uninstall and reinstall.  Sometimes the Windows driver would suffice, sometimes the WD driver and sometimes the device would be an anonymous disk drive and reported as a HID device with a problem.

But there is hope.  The WD spindown utility seems to work (I can now even let XP go into SLEEP mode and the drive spins up as we awaken).

Here is what has been working (lately).  I restart and then launch the Process Explorer (from Microsoft's web "Power Toys") after ensuring that I have a clean shutdown and restart of XP (one cold cycle through Safe mode + Networking and one warm cycle as a normal user doing the cycle start/logon/restart).  If XP will not shut down cleanly, all bets are off.  Here goes:

1) kill the explorer process with Process Explorer
2) start explorer from within PE
3) use Process Explorer to kill itself (we don't want PE as the parent of explorer)
4) restart Process Explorer from Windows Explorer desktop
5) attach the drive
6) start the spindown utility (it may report only a generic drive, but no matter)

Thereafter, spin down the drive before sleep or powerdown or as you like.

You may try letting XP do the spindown, but painful experience has taught me to do it explicitly.  My suspicions lie with the "Button Light" firmware which puts itself up as a 1394 HID device, but that's just my gut feel when the icing is there but the cake is missing ...

Now, for my own sanity, the drive is set for quick removal, not delayed-write, but just in case, I run a little Rebol script at low priority - that script writes to the drive every 9.5 minutes.  It is started in a cmd shell and then PE is used to kill that shell.  I then set the Rebol process to be full screen (I have a few uses for Rebol during the day and am less likely to close this one's window inadvertently).  The downside is that I have to remember to kill it when I do want the device to spin down.  Unwanted spindown is such a headache with these WD drives and the spindown utility lacks the WD "Button" utility's command line option to adjust the interval.  But the latter is just too annoying and useless ...

I should add two items:  with device manager I have disabled the annoying WD button as an HID device and with msconfig I have blocked it from being in the XP startup.

It is possible to have the correct drive noticed and it is possible to run with the default Microsoft XP SP3 disk driver but I am doing best just now with the WD driver  – and a new external drive (not WD) is on the way via UPS.  But this is Fredericton, NB, so that will be another story ....

Thursday, April 14, 2011

IE blogger

 
Internet Explorer was going berserk on this blog!  This was not the case for Google Chrome or Firefox.

Why?

Too many links in the Tag Cloud widget!

I restricted the tags that can appear in the widget and IE behaves.
 

Tuesday, April 12, 2011

JNode OS

Over at sourceforge.net there is activity on the JNode Java OS.  Although the files to download are unchanged since 2009, commits continued through March 2011.

Seaside Tutorial and Lulu eBook

 
I don't recall posting a link to this tutorial for Seaside for Smalltalk.

There is also a Lulu book.

There are many things going on in Smalltalk these days (Cog VM, Roar VM, Pharo, revival of instantiations.com) but Seaside, like SOUL, is one of the best indications of the strength of Smalltalk as compared to Java, Ruby or Python.

I noted with annoyance that there is almost no mention of Smalltalk in the VM article on en.wikipedia.org  — the reader would think it all began in Java!

Saturday, April 2, 2011

Free Makichan Tex Viewer for Windows

The free Windows Tex Viewer from Makichan - their "Scientific Viewer" - amused me today. Here is a screenshot:


Note the jagged mossy-green around the white background of the text.  That lovely green is my Windows preference for a default background in any window where the code does not set the background.

In some other Tex documents it became just nasty.

For many weeks this was also the case at www.qtask.com - one CSS setting missing.  Oy vey.

Remember when C programming for Windows began with the bare Frame?  Now we have both alpha-settings and this sort of silliness.

Where does user acceptance testing go wrong in these cases?  The testers don't know Windows?