Ranjeet Walunj

February 12, 2009

Argument: Is open source software secure enough ?

I’ve heard this argument by many microsoft/closed source technology evangelist that Open Source softwares are not secure enough.

And any one can easily find the flaw in the software and use it for his benefit.

This week there was an argument on slashdot about the same.

According to the Linus’s Law, “given enough eyeballs, all bugs are shallow”. More formally: “Given a large enough beta-tester and co-developer base, almost every problem will be characterized quickly and the fix will be obvious to someone.” — this rule was formulated by ESR (Eric S. Raymond).

Open Source due to its very own nature of revealing all catches attention of all users/hackers/programmers across the world using that software. (Pls Note: Hackers always have good intentions.)

The source code is validated by many learned people and if any flaw is found it is quickly reported and fixed.
If a certain OSS is subject to vulnerability continuously then it looses its charm and people quickly migrate to more secure alternatives.
(For example: Most of the new installations of mail servers are based on qmail/postfix rather than Sendmail)

In case of closed source (for e.g. windows) it takes long time to report flaw and much longer to fix it.

I dont hate microsoft, infact i use windows XP for most of my day job and happy with it. But I feel much flexibility with my linux. Most importantly if something is going wrong I know where to check and what could be the reasons. (syslogs are also great friend)

But talking about security NO OSS is less secure than any closed source software just because it is open in nature or for that matter any other reason.

Lots of learned independent developers/testers/reviewers have gone through the codes/designs/outcomes of the OSS and have contributed to the security threats/bugs/potential problems.

Collective intelligence (worldwide) is always superior to a closed group of people.

As someone suggested it is easy to experience than arguing over this.

Best is to deploy for yourself and run weekly penetrative testing to see the possible results.

There is no security from stupid actions of users/administrators, however assuming security by obfuscation/closed source is nothing bu stupidity.

I’ve been personally using OSS for years now and absolutely happy with the way it has helped me in learning things.

January 17, 2009

BarCamp #5 at Mumbai (VJTI – Matunga)

I’ve tried attending few of the last barcamp’s at mumbai and always look forward to see what new I can learn from the same.

I’ve met few of my good contacts at barcamps and learned a lot from them.

My friend Satish Vijaykumar aka BombayLives (twitter – @bombaylives) have been the major driving force for me to attend the same.
And last barcamp at IIT, he has taken a cool photograph of mine with Fedora Hat on (RedHat) — (which i’m using everywhere as profile –even if there are mixed reviews bout my looks 😉  )

This year satish has even made resolution that he will attend all the tweetups/blogcamps/barcamps happening in mumbai … 🙂

Anyways point is BarCamp Mumbai 5 will be held at VJTI, Matunga, Mumbai on Sunday, February 1st, 2009.

I love it when such events are pretty close to my house 😉

If I manage to find some time and finish my project, then probably I’ll be trying to take a session. Otherwise I’m there to learn and spread good karma … Would love to be volunteer … (And this will not have hidden agenda to get few extra cool barcamp T-shirts/goodies 😉

For people who don’t know what barcamp is : (I’ve taken following content from http://barcampmumbai.org/)

for people who don’t know how to get there — pls check : http://barcampmumbai.org/BCM5_Venue

BCM5 is not 2 day event as last barcamp …  its debatable … but I preffer one day camp than the 2 day spread …

—————————————————————————————————————————————————————–

BarCamp is an ad-hoc gathering born from the desire for people to share and learn in an open environment.
It is an intense event with discussions, demos and interaction from participants.

(I love to see some fights happening @ bcm5 — some nice intellectual fights )

BarCamp is in essence a conference without a preset agenda.
We prefer the term ‘unconference’ actually.
A bunch of smart people meet up over the weekend, put up a schedule on a wall and spend the rest of their time
taking up sessions and discussions with each other.

There is no audience. Only participants. So host a session, help out with planning, ask questions, spread the word-

Everybody is invited. There really are no walls.

—————————————————————————————————————————————————————–

Please visit official Barcamp Mumbai wiki — http://barcampmumbai.org/

BarCamp5

BarCamp5

BarCamp?? What BarCamp??

Learn more about BarCamps on the following resources:

* http://en.wikipedia.org/wiki/BarCamp
* http://barcamp.org/WhatToExpect
* http://barcamp.org/TheRulesOfBarCamp

December 22, 2008

Questioning morality of person using pirated software

We all know that piracy in some or other formats cannot be stopped and there have been number of futile attempts in past by large organisations.

And lets admit most of us have used/are using pirated softwares on their home/work computers.

I’ve came across following awesome response by USB Overdrive X to anyone using pirated code to register their software online.

It’s kinda awesome personal request to that person using cracked code, which questions the moral actions of the wrong doers.

Only one issue with the above message: They should have termed the guys as Crackers and not as hackers.

IMHO hackers do have good intentions unlike to crackers.

If I’m using that software illegally, I would definitely consider as paying the license fees.

However it helps that I’m using Linux and open source most of the times, and all softwares on my windows machine are licensed.

USB Overdrive X is a Device drive software used on Mac OS X that handles any USB mouse/trackball/joystick/gamepad or any bluetood mouse.

See the related post on piratesdillema here.

October 23, 2008

Business Intelligence and career options

We have learned about the basics of business intelligence in the previous post.

Business Intelligence (Or BI) is a vast topic which covers various aspects of DSS (Decision Support System).

BI means attain complete wisdom from knowledge which will help taking the best possible decision yielding the best possible result.
To understand knowledge it would be better to have a look Hierarchy of knowledge from following chart.

knowledge discovery to wisdom -- based on Giarratano and Riley 1998

As you can clearly see that from the raw data across multiple systems (after filtering the noise) an information is gathered and stored.

i.e. processed data is referred as ‘information’ depicting how much we understand from the underlying data.

This information when used to solve problem becomes ‘Knowledge’ — Knowledge about knowledge becomes the ‘Meta Knowledge’ which in turn provides ‘wisdom’ to the system.

Broadly “Business Intelligence Roadmap” defines following process for complete project life cycle of BI system.

  1. Justification
    • Business case Assessment
  2. Planning
    • Interprise Structure Evaluation
    • Project planning
  3. Business alalysis
    • Project Requirements Definition
    • Data Analysis
    • Application Prototyping
    • Meta Data Repository Analysis
  4. Design
    • Database Design
    • ETL Design
    • Meta Data Repository Design
  5. Construction
    • ETL Development
    • Application Development
    • Data Mining
    • Meta Data Repository Development
  6. Deployment
    • Implementation
    • Release Evaluation

To complete above BI project lifecycle following team structure is required:

Role Major Responsibilities
Application lead developer Designing and overseeing the development of the access and analysis application (e.g., reports, queries)
BI infrastructure architect Establishing and maintaining the BI technical infrastructure (in some organizations, overseeing the nontechnical infrastructure as well); usually reports to the strategic architect on the extended team
Business representative Participating in modeling sessions, providing data definitions, writing test cases, making business decisions, resolving disputes between business units, and improving the data quality under the control of the business unit represented by this role
Data administrator Performing cross-organizational data analysis, creating the project-specific logical data models, and merging the logical data models into an enterprise logical data model
Data mining expert Choosing and running the data mining tool; must have a statistical background
Data quality analyst Assessing source data quality and preparing data-cleansing specifications for the ETL process
Database administrator Designing, loading, monitoring, and tuning the BI target databases
ETL lead developer Designing and overseeing the ETL process
Meta data administrator Building or licensing (buying), enhancing, loading, and maintaining the meta data repository
Project manager Defining, planning, coordinating, controlling, and reviewing all project activities; tracking and reporting progress; resolving technical and business issues; mentoring the team; negotiating with vendors, the business representative, and the business sponsor; has overall responsibility for the project
Subject matter expert Providing business knowledge about data, processes, and requirements

You can pick up any of the specialization and work towards achieving it. I would try to update this list with other possibilities and details.

I’ve been trying to get data for average salaries earned by BI experts in india, however here is the data from UK market which clearly shows the growth potential.

This document is prepared with the help of following excellent book:
Business Intelligence Roadmap: The Complete Project Lifecycle for Decision-Support Applications — buy here

October 1, 2008

The future of widgets on facebook looks bleak

Filed under: social media, Tech, technology, Web 2.0 — Tags: , , , , — ranjeetwalunj @ 8:36 pm

In the last couple of years there was a big rush of making gadgets/widgets by most of the agencies/companies to have a prominent presence on social media  for the last couple of years.

This involved many widgets being created for Facebook and loads of users adding those widgets to their profile.

One of the goal for the new Facebook design was to make it clean, uncluttered interface by removing few widgets which are not working or not useful.

O’Neil has written : “Widgets have not survived the shift over and my guess is that within a
matter of weeks we will see most top-performing widget applications
practically disappear.”

To drive this point he gives an example of widget created by him called “Bush Countdown Clock” which attracted close to 50K users. It was just a flash badge which allowed users to express. However with the new design it has been added to another box and not prominent on the profile.

Nick O’Neil says ‘Widgets or badges that help users express their personal beliefs,
ideals, and personality are now harder to find with the new facebook design.’

Source of the article is : All Facebook Article

September 29, 2008

All your base are belong to us …

Google has launched the Project 10^100 (”Project 10 to the 100th”) to mark their 10th birthday;
a call for ideas to change the world by helping as many people as possible.
The price is around some $200,000 per idea. (they are selecting 5 ideas for $1 Million)

As they have already touched upon most of our daily habits and tracked us completely.

They can go ahead and take following ideas to own us completely 🙂

    – Worldwide Google Security number agency (something like Social Security Number)
    – Run Spy Agency  (They already know many more things about us than probably we know about ourselves)
    – Visa/Passport Agency
    – Start Television channels (They already have satellite)
      I’m sure they can definitely run targeted ads on Set-Top boxes
    – Start Hospitals
    – Start schools (All kind of)
    – Start building military applications and appliances
    – Provide alternate Energy source and make money
    – Run a full fledged financial institution (World needs few more players in this zone — after the current debacle)
        catering to banking needs
        investment needs
        mortgage
        credit authority
        ….and so on
    – Start something on geologists and geophysicists
        First target to find oil mines
    – Start film production house (producing all type of films including adult movies)
    – Start a Soft+Hard Drink manufacturing company
    – And many more …………..

Please check the 10^100 original announcement here.

Please feel free to add your ideas here …. (I assure that I’ll share prize money 😉 )



AddThis Social Bookmark Button

September 22, 2008

BarCamp #4 at Mumbai

The long wait is over & BarCampMumbai4 is finally announced on first weekend of October 2008.

What’s new?
* BCM4 is a 2-day camp this time.
* You have to be involved. You can either give sessions or volunteer to be a part of BCM4

When & where?
* 4th & 5th of October, 2008
* SJMSOM, IIT, Powai, Mumbai

I would be attending as usual. I like the atmosphere. (Got few nice memories of IIT Bombay, Powai)
Thinking about whether, I can contribute something, probably a talk or volunteering.

Barcamp Mumbai — http://barcampmumbai.org/

BarCamp4

BarCamp4

BarCamp?? What BarCamp??

Learn more about BarCamps on the following resources:

* http://en.wikipedia.org/wiki/BarCamp
* http://barcamp.org/WhatToExpect
* http://barcamp.org/TheRulesOfBarCamp

September 18, 2008

Amazon to offer CDN services

As a logical extension to their existing product suite of EC2 cloud computing service and S3 online storage solution, Amazon is planning to launch a global CDN (Content Delivery Network) in near future. (Before dec 2008).

The idea is to provide publicly readable content to the customers worldwide, with low latency and high data transfer rates.
(General feature of all CDN)

It has been mentioned in the announcement that customers using Amazon S3 Bucket (Online Storage solution) will be easily able to migrate to Amazon CDN immediately by using the domain name/API provided.

As per ReadWriteWeb’s review, this service will not require a contract and also will not have any minimum-usage requirements unlike to Amazon’s other Web Services.

Looking at Amazon’s current links, its apparent that they already have presence in Germany, Japan, France and UK apart from USA.

It’s just matter of time for them to establish presence at another locations and start syncing their current applications + content across globe.

Another idea in future:  (though I’m not sure about its technical feasibility)

Amazon may also go ahead and try to replicate the certain EC2 applications + Databases (with master to master replications) across globe to enhance CDN concept to entire Applications/Cloud.

Idea is to even direct the user requests to nearest possible Cloud Instance which is already in sync with global.

(It’s not easy task and applications + db need to be designed in this manner…. neverthless it is not impossible in future..)

GigaOm, interestingly indicates that this move by Amazon, looks like a preemptive move, as New-York based company Voxel just announced CDN solution based on S3.

In my personal opinion is S3 or EC2 looks cost effective for less traffic services as they charge Fixed + Variable costs (based on the generated calls to content).
So if your number of server calls increase; the costs also tend to increase in the longer run.

And importantly it looks good till the time you notice that Amazon do not promise any uptime.

(Recent downtime of S3 and EC2 confirms that)

Still it is worthwhile to look/wait for the Amazon CDN.

September 11, 2008

Technology glitch brings UAL stock down

I was going through slashdot and one bizzare incident was reported on it.

Google’s news tracker/crawler, fetched a news from some old reprint of an article from Dec 2002 when United Airlines was on the verge of bankruptcy.

United airlines later on managed to get out of the situation after that.

However google crawled it as latest news since the reprint did not mentioned about any of the date.

Soon every other news reader/aggregators grabbed this incorrect information from google’s news and soon started spreading this news across market.

After some time this news appeared on Bloomberg and the stock price of UAL dropped to $3.00 from the opening price of $12.50. Trading was suspended after that.

And after clearing the doubts stock prices rose back to around $10.00 which is still lesser than the actual opening price.

UAL 8 sep 2008 fiasco due to incorrect news

UAL 8 sep 2008 fiasco due to incorrect news (Source yahoo finance)

Google cannot be blamed for this mistake. But some people might have jumped the gun as soon as the news appeared on Bloomberg and started selling off their stock. People should get into a habit of checking news and then taking financial decisions.
Thought the incident clearly shows the power of internet in todays world.

Few smart people would have made money after checking the authenticity of the news and riding on the fall or rise 🙂

How does it affect any other market ?

I was wondering whether these features can be manipulated to rigg stock prices up and down ?

If someone creates a news site where he artificially creates/modifies/brings older news back to current threads about certain stocks where he wants to manipulate for his benefits.

That opens another possible rigging opportunity for operators/manipulators in market.

Or to avoid these kind of situation should news crawlers try not to crawl news without timestamps ?
Or should there be a need for moderators before news gets published/indexed by crawlers ?

We all know that there are other ways of manipulation in stock markets and we seriously do not wish to add another possibility of manipulation.

References:

Slashdot news : Automated news crawling evaporates $1.14B

Wallstreet:   UAL story blame is placed on computer

Atlanta business chronicle : Google crawler, clicks may have pushed 2002 UAL bankruptcy story to top

September 4, 2008

Browser War: Microsoft IE8 Vs. Firefox Vs. Google Chrome (or Google OS?)

Its quite logical move from google where they have come out with their own version of browser (Google Chrome) after looking at the features of MS IE8 and possible threat to its advertising revenue.

Internet explorer enjoys 60-70% of browser market share due to its strong presence in OS.
Mozilla/Firefox enjoys close to 20-25% (or more) of market share
And remaining browsers (Opera, Safari) enjoy the remaining share.

Chrome is out in market and it will face the similar problems which Mozilla is facing.
(Most of the people are happy with their built-in (/pre-shipped) browser with OS (Read: Microsoft Internet Explorer)

So probably what it will do is, eat Mozilla share of browser market, and mozilla foundation looks amazed with the timing of the announcement of chrome.

Mozilla CEO’s thoughts on chrome:

Mozilla’s Europe president, Tristan Nitot does not think chrome as direct attack on Firefox

However I seriously think this announcement as threat to firefox as the only place Chrome will eat browser share is Firefox.

(As mentioned above normal users are happy with their pre-shipped browser.)

About IE8 — yeah in my previous post i mentioned how it can create problems for online advertising (Inprivate Blocking mode)

Chrome seems to be the answer to that threat … It allows advertising …
Obvious since google does not want to cut Advertising Revenue 😉

It gives option to block pop-ups though …. (since google yet does not have pop-ups 😉 )

But to me it looks like google has secret agenda with Google chrome.

It looks a like a platform for OS Wrapper … where normal user do not need to switch to other applications if he is using google chrome …. Google will soon start providing all basic needs of surfer inside the chrome browser itself.

(remember they are already building/launched apps for desktop, word processing, presentations, editing, email, chat)

All google need to do is provide all these things together in google chrome.
They are already giving Google Gears, using which i would not be surprised if people start distributing web softwares as offline installable applications which can be run through the Chrome browser.

Browser war is heating up …. are you party to it ?

I’ve been using following browsers

(IE7, Firefox 3 and 2, Opera, Safari, Netscape and now Chrome)

Chrome is multi-process, multi-tabbed browser whereas FF tries to provide lean efficient experience with single process and IE8 tries to provide smoother browsing experience by creating multiple instances of iexplorer.exe.

What it means that if something goes wrong in one tab of Chrome, other tabs will keep working properly.

IE it may happen if other tabs are handled by other instance of iexplorer.exe
And firefox may crash the entire process.

I’ve experienced memory utilisation is sometimes bad for all browsers (sometimes pathetic)

My experience with Chrome is as follows:

I’ve installed chrome yesterday and faced few issues with it.
Almost wasted 20-30 mins to figure out why it was throwing some weird errors like following.
— the application failed to initialise properly (0xC0000005). Click ok to terminate the program

The reason for above error is due to Microsoft XP Pro + SP3, Symantec Endpoint Protection and Chrome running together.

The temporary workaround is disable sandbox mode of chrome by running chrome with additional option “–no-sandbox” (without quotes) — check here

Post that its running strictly OK for me …

  1. It has already crashed few times .. and i had to restart the browser
  2. My laptop’s scroll-down from mousepad works fine … but scroll-up does not work
  3. Few sites do not open in chrome (need to figure this out — this may not be problem with it) 
Older Posts »

Blog at WordPress.com.