Tools To Analyze Java hs_err Files

28. July, 2011

Java crash dumps contain lots of valuable information but one thing is missing: The versions of the libraries installed.

I’ve started a new project on GitHub to gather this info from a hs_err_pid file: Java-hs_err_pid-List-Library-Versions

Currently, only Debian is supported.

 

 


Unbreakable

27. July, 2011

Nice advertisement for unbreakable security glass on WIN! blog (Warning: Set your adblockers to “Armageddon”)


LDA #0; JSR $C000

25. July, 2011

Remember the C64 and its CPU, the 6510?

There is a web project which shows a 6502/10 CPU simulator (in which you can see the die and how its state changes as a program is executed). Needs HTML5 and lots of RAM.


7 Ways To Ruin A Technological Revolution

24. July, 2011

“7 Ways To Ruin A Technological Revolution” is a Google Tech Talk by James Boyle in which he shows honest and sincere ways to stifle technological progress. And unlike him, I’m not ironic. A lot of stifling happens because we deem some things too dangerous. His 7 ways are:

  1. Ignore all empirical evidence and build our view of the world on hearsay
  2. Have a one-sided view of things. Always look at the costs and ignore the benefits. Be afraid of openness and prefer control.
  3. Focus more on outputs than on inputs. So protect the new book but ignore that most of the knowledge in any new book actually comes from existing books.
  4. Ridicule or ignore types of creativity that don’t fit the bill.
  5. Ditch all the technologies and openness we have because they kind of contradict points 1-4. It’s kind of silly saying openness just doesn’t work or that no one is ever going to publish anything without strict IP laws to keep people out when you have, say, Wikipedia. This means getting rid of the general purpose computer and network neutrality.
  6. Go international to keep small fry (like watch groups and NGOs) out of the game. Always harmonize “up”, that is towards tighter control. If one country has 25 years and another 75 years IP protection, the result is always 75 years for both (taking 50 years “away” from one country but that’s not a loss since that wasn’t a “right” before). Rights in such treaties are almost always mandatory, exceptions are optional (because more control is better, see #2).
  7. Make sure “critics fail to engage with the political process”. “It’s as if we have sought to turn self-marginalization to the level of an Olympic sport.” (0:26:14) Apathy also helps.

Some thoughts on #4 (after 0:18:00): Our society is built on sharing. Or did you pay back the $200’000 which your parents invested in raising you? Countless hours wasted playing with you as a toddler which they could have spent at work instead. All the money spent on clothes that you didn’t want to wear anyway. The water polluted washing them which could have been used to grow food for more money.

“It’s commercial use if you get for free what you otherwise would have to pay for.” (0:20:16) If companies and IP policy makers had their say, you’d have to pay your girlfriend for a date just like for a prostitute. What else is a date than a perfect business opportunity wasted because of “anti-capitalistic” hormones – or so some people seem to think. While we’re at it, let’s ask money for Christmas presents, too! Talk to a friend? It’s Cheap Friday, so it’s only $25 instead of $50/hr.

Such a view of the world ignores the benefits of these actions. When an author writes a new book, how much money goes back to the people who invented the written word? The printing press or the Internet? Who taught the author to write? Who sparked new ideas in his mind? So we have to be unjust somewhere but are we unjust in the right place?

Or maybe I’m wrong. At the end of his speech around 0:35:50 he says something interesting: “It is scary to me that the technologies that would enable the Google equivalent in the next technological cycle are being developed under the conditions that I have described. Because you would have to be an insane optimist to think that none of that is going to get screwed up by the processes that I described and I’m far from being an optimist.”

It’s interesting because we don’t know what will work and what will fail. Maybe this kind of resistance is necessary to separate good ideas from bad ones: Only a really good idea can overcome these obstacles. It has to be overwhelming enough to change the world. Since we can’t tell which idea should win, this might be the only way to weed the bad ones out.

Scary thought: Maybe superior technology like the Amiga didn’t change the world because it didn’t have what it takes – whatever that might be. All I can say from this point in time: We don’t have an Amiga on every desk, we have a PC on every desk. Steve Jobs knows his stuff but there is no Apple computer on every desk either. But there is an iPhone on (almost) every desk. Not a Windows phone. So the formula is Windows + PC == success, not Microsoft == success.

That said, not all is lost. I haven’t put my hands on an Amiga computer for more than a decade but I use the skills every day that I acquired with its beautiful OS. Amiga is dead, today’s hackers have Linux.

I think the good news is that the bad guys eventually fail because there is no limit to their greed. Eventually, they manage to upset even their most die-hard supporters. Sony harassed George Hotz. Nothing happened. Sony lost 300 million customer records. The US government shows up to ask some serious questions. And the Zurich insurance refuses to cover the damages. Hm…

Interesting links:


Who is Responsible For Data Theft?

22. July, 2011

Would you like to see your name, address, birth date and email on a public billboard? On the main street? What if the billboard is behind a big sign “don’t read this”?

If that worries you, why do you give your data to web sites of big companies? Many of them, even the big ones, show very little interest in keeping your contact details secure. Many sites are still vulnerable to cross site scripting or SQL injections.

If anyone puts your life or privacy at risk, they are liable – except when web sites are involved. Even if they violate common sense and even the most basic rules of security, the worst that can happen is that they have to apologize. Pollute some fish? To Jail! Lose 300 million customer records? Oops, sorry about that.

Paul Venezia asked an interesting question: Should companies be accountable for the security risks they take? He says:

In the United States, at least, very specific laws govern patient information and how it is stored, accessed, and disseminated. HIPAA regulations were put into place to ensure that sensitive patient information isn’t distributed to just anyone — that is, only to the people who need that information. They also prevent health care providers from discussing any type of patient information with anyone else. They were explicitly designed to protect patients, and each patient must sign a waiver to authorize the release of that information to another person or party. Yet we have no regulations on the storage, access, and dissemination of sensitive user information on public websites — none. Thus, there’s almost no business case for providing any form of high-level security for customer accounts.

Interesting thought. I have two comments:

1. It is not individual developers who should be liable but the company which runs the site. It should be in their best interest to keep their data secure.

2. Today, it’s too complex to create secure web sites. Yesterday, I used renderSnake to create some HTML. If you supply a string value for output, the default is not to escape HTML special characters like <, > and &.

Creating a login component for a web site is pretty complex business and there is no reasonable tutorial or template component which you could use that gets most security issues right like:

  1. Transmitting the password via HTTPS (encrypted) instead of using plain text (which anyone in the same LAN can read)
  2. Encrypting the password before it’s stored in the database
  3. Storing the password with a salt to make it harder to attack it with rainbow tables
  4. Escaping special characters in user names and passwords to prevent cross site scripting or SQL injection.
  5. Avoiding security questions like “Name of your cat?” More than 50 people know the name of my cat! The name might even be on the web somewhere (possibly next to a photo on Flickr). How secure is that?

These are the basic rules to make your web site safe against identity theft. It would be simple to create a law saying “if you violate the rules named once per year by a committee of experts, you’re liable for a hefty fine”. If that happened, I’d support it.


Talk To The Enemy

18. July, 2011

“Not all power comes from a willingness to kill … Sometimes, it comes from a willingness to die.” – Orson Scott Card, Robota.

To use less drastic words: Power comes from a willingness to change the world. There are many ways to do it. Some are more violent than others. Some are easier to mend than others. Some are easier to master, some more efficient. Some won’t leave everyone a victim.

An interesting approach is “T2E – Talk To The Enemy“, a German site where people from all kinds of religions discuss various topics around a central theme: What’s necessary to live together in peace?

It covers basic questions: Why religions? Is the Islam misogynistic? How do you live religion? Religion and politics. Stereotypes. Isn’t Christianity out-dated? Islamic Missionaries – Should Europe convert to the Islam? Religious Terror. Minorities. Why do you hound us? Are Germans too tolerant? The secular society – who still believes in God? Muslims and Christians – Is co-existence possible?

What makes the site interesting is that it’s made by non-professionals, so the answers are still rough and you feel how they struggle with these complex questions. As we all do. You won’t find the slick, PR polished answers there which some types of people want you to submit to. It’s quite possible that it takes another 1’000 years or even more before we can ease these pains – if ever. But that doesn’t make these answers less real or less important. Quite the contrary.

Laws will not protect us against terrorism. Laws can only punish in retrospect – or they become the very terror they seek to prevent.

Understanding can’t protect you against a bullet. But it’s much harder to shoot someone with flowers in their hair. And your life will be much more enjoyable.


Math Education is Like Ape Dressage

16. July, 2011

Matt Brenner says:

Today, math education is more like ape dressage: Students learn processes but they don’t understand them.

Why and what to do about it? See his book.


Secure File Transfers with FTAPI

15. July, 2011

If you need to distribute files in your project, the problems are always the same:

  • How do I make sure a file is transferred at all?
  • Or just once?
  • That the whole file is transferred (and not only part of it)?
  • That no one can tamper with the content while it is being transferred?
  • How can I get a received receipt?
  • How about encryption to prevent uninvited visitors from looking at the data?
  • Too big for mails?

Some people use FTP. FTP is a protocol designed for humans. It’s completely, utterly unsuitable for this task. If a software developer suggests this “solution”, it’s a red flag for incompetence.

SSH based protocols are better but they also don’t solve all the problems.

Enter FTAPI, the “rock solid data transfer” framework.

Taming Java GC

14. July, 2011

Taming the Java garbage collector (GC) is still one of the most mysterious areas of the Java VM. Aleksey Ragozin has published an excellent series of articles about the topic. Here are my favorites:

