Oct 26 2012
 

Apple actually lost a court case recently, and as part of the settlement they were asked to publish an apology in both printed media and on their website. Which may well come close to the letter of what they were obliged to publish, but in no way comes close to the spirit … and indeed may well be contempt of court. The relevant part of the apology reads:

However, in a case tried in Germany regarding the same patent, the court found that Samsung engaged in unfair competition by copying the iPad design. A U.S. jury also found Samsung guilty of infringing on Apple’s design and utility patents, awarding over one billion U.S. dollars in damages to Apple Inc. So while the U.K. court did not find Samsung guilty of infringement, other courts have recognized that in the course of creating its Galaxy tablet, Samsung willfully copied Apple’s far more popular iPad.

Or to re-phrase it: The UK courts are complete idiots and should pay closer attention to the judgements reached in the US and Germany which of course have far wiser judges. If I were that UK judge I would order Apple to pay “over one billion dollars” to the court and prohibit Apple from selling any products in the UK until it was paid.

You do have to wonder just how dumb the relevant executives at Apple are. When you are forced into publishing an apology, the sensible thing is to do just that … and not try and weasel out of the apology by saying “but ….”.

 

Oct 22 2012
 

It could!

According to this other blog entry, a completely innocent person has had their Amazon account closed. Which would be very inconvenient for anyone, but if you just happen to be a Kindle owner with a fair number of ebooks purchased it will be somewhat more than inconvenient.

You could believe that the person involved was involved in some sort of activity that Amazon didn’t approve of. Perhaps they were an anti-DRM activist of some kind; perhaps they accused Amazon of some under-hand business practice, or perhaps they just belonged to the wrong political party. Who knows? Amazon’s response to the situation is standard corporate double-talk designed to say as little as possible.

Conventionally, Amazon has a perfect right to cease doing business with anyone for whatever reason they choose. But removing access to purchases (such as Kindle books) is a whole different ball game.

At worst Amazon is guilty of theft and at best they have brought further disrepute to the whole DRM system.

Oct 20 2012
 

If you have a look for top cool USB devices, you will find plenty of lists out there with rather boring choices. In fact most of the devices are simple memory sticks whose main means of standing out from the crowd is to have an unusual form factor. Now I like funky form factors for my memory sticks as much as the next person, and some of the memory stick designs do deserve some attention. Some other lists contain things like USB powered missile launchers, heated mugs, etc. all very fun.

But it is still a bit of a shame that you have to look so hard for really interesting USB devices. My list below has been gathered over years and frequently by accidentally discovering them. I’ll add additional ones to the list as I discover them … or if people tell me about ones that interest me :-

iStorage DatAshur

And after all that moaning about memory sticks, the very first device on my list is a memory stick! But a rather different one :-

The difference is hinted at by the little buttons on the memory stick. This is a hardware encrypted memory stick where the encryption is implemented within the stick itself rather than rely on a piece of software that may or may not work with your current operating system.

The Entropy Key

You can tell this is a more geeky product just by the fact that the sales picture shows the device naked :-

What this does is provide a source of genuinely random numbers that can be used by Linux to add entropy to the standard random numbers device. To most people, this is a pretty uninteresting device, but anyone involved with cryptography is undoubtedly saying Cool! and has probably clicked on the title link to disappear from this posting to go and get one.

The Ubertooth One

As you may very well guess from the really naked picture of this device, it is probably the geekiest device in this list. It is effectively a software radio limited to the 2.4GHz band and is intended as a device for hacking bluetooth. Think of it as a WiFi sniffer but for bluetooth; although it can do quite a bit more.

The Zalman Hard Disk Enclosure

Your average USB hard disk enclosure (for putting an appropriate spare internal hard disk in) is not exactly exciting, and this device is one of those “stealth” devices that becomes more interesting the deeper you look at it :-

Note the little LCD display. What you cannot see is a little jog-wheel which is the input device to control the functions. This little box of tricks allows you to select an ISO file contained within a subdirectory named _ISO and the firmware emulates a CD-ROM with that ISO inserted into it. Yes, you can now carry around as many CDs as you want and use them to boot from.

Oct 17 2012
 

I have recently become interested in the amount of entropy available in Linux and decided to spend some time poking around on my Debian workstation. Specifically looking to increase the amount of entropy available to improve the speed of random number generation. There are a variety of different ways of accomplishing this including hardware devices (some of which cost rather too much for a simple experiment).

Eh?

Linux has a device (/dev/random) which makes available random numbers to software packages that really need access to a high quality source of random numbers. Any decently written cryptographic software will use /dev/random (and not /dev/urandom, which does not generate random numbers of “proper” quality) to implement encryption.

Using poor quality random numbers can potentially result in encryption not being secure. Or perhaps more realistically, because Linux waits until there is sufficient entropy available before releasing numbers through /dev/random, software reading from that device may be subject to random stalling. Not necessarily long enough to cause a major problem, but perhaps enough to have an effect on performance.

Especially for a server in a virtualised environment!

Adding Entropy The Software Way (haveged)

HAVEGED is a way of using processor flutter to add entropy to the Linux /dev/random device. It can be installed relatively easily with :-

apt-get install haveged
/etc/init.d/haveged start

As soon as this was running the amount of entropy available (cat /proc/sys/kernel/random/entropy_avail) jumped from several hundred to close to 4,000.

Now does this increased entropy have an effect on performance? Copying a CD-sized ISO image file using ssh :-

Default entropy: 29.496
With HAVEGED: 28.636

A 2% improvement in performance is hardly a dramatic improvement, but every little bit helps and it may well have a more dramatic effect on a server which regularly exhausts entropy.

Checking The Randomness

But hang on … more important than performance is the randomness of the numbers generated. And you cannot mess with the generation of random numbers without checking the results. The first part of checking the randomness is making sure you have the right tools installed :-

apt-get install rng-tools

Once installed you can test the current set of random numbers :-

dd if=/dev/random bs=1k count=32768 iflag=fullblock | rngtest

This produces a whole bunch of output, but the key bits of output are the “FIPS 140-2 failures” and “FIPS 140-2 successes”; if you have too many failures something is wrong. For the record my failure rate is 0.05% with haveged running (without: tests ongoing).
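To make the “FIPS 140-2 failures” line less of a black box, here is an added Python re-implementation of the four FIPS 140-2 statistical tests that rngtest applies to every 20,000-bit block (this is example code written for this post, not rng-tools’ own code). The inputs are constructed: two patterned blocks that must fail, and a SHA-256-of-a-counter stream that merely stands in for bytes read from /dev/random and is not an entropy source. The test limits are those of FIPS 140-2 (change notice 1); the function names are my own.

```python
"""FIPS 140-2 monobit, poker, runs and long-run tests on 20,000-bit blocks.
Added example, not rng-tools code; constructed inputs only."""
import hashlib
from collections import Counter

BLOCK_BYTES = 2500  # 20,000 bits, the block size the FIPS 140-2 tests use

# Runs test limits from FIPS 140-2 (change notice 1): run length -> (min, max).
# Runs of six or more bits are pooled into the length-6 bucket.
RUN_LIMITS = {1: (2315, 2685), 2: (1114, 1386), 3: (527, 723),
              4: (240, 384), 5: (103, 209), 6: (103, 209)}


def bits_of(block: bytes) -> list:
    """Unpack a block into a list of 0/1 ints, most significant bit first."""
    return [(byte >> shift) & 1 for byte in block for shift in range(7, -1, -1)]


def monobit(bits: list) -> tuple:
    """Count the ones; a good block has 9725 < ones < 10275."""
    ones = sum(bits)
    return ones, 9725 < ones < 10275


def poker(block: bytes) -> tuple:
    """Chi-square style test on the 5000 4-bit nibbles; passes if 2.16 < X < 46.17."""
    counts = Counter()
    for byte in block:
        counts[byte >> 4] += 1
        counts[byte & 0x0F] += 1
    x = 16 * sum(c * c for c in counts.values()) / 5000 - 5000
    return x, 2.16 < x < 46.17


def runs(bits: list) -> tuple:
    """Count runs of consecutive 0s and 1s by length, and find the longest run."""
    counts = {0: Counter(), 1: Counter()}
    longest = 0
    current, length = bits[0], 0
    for bit in bits:
        if bit == current:
            length += 1
            continue
        counts[current][min(length, 6)] += 1
        longest = max(longest, length)
        current, length = bit, 1
    counts[current][min(length, 6)] += 1
    longest = max(longest, length)
    ok = all(lo <= counts[value][n] <= hi
             for value in (0, 1) for n, (lo, hi) in RUN_LIMITS.items())
    return counts, longest, ok


def fips_140_2(block: bytes) -> dict:
    """Run all four tests on one block; report per-test pass/fail plus the statistics."""
    if len(block) != BLOCK_BYTES:
        raise ValueError("FIPS 140-2 tests need exactly %d bytes" % BLOCK_BYTES)
    bits = bits_of(block)
    ones, monobit_ok = monobit(bits)
    x, poker_ok = poker(block)
    _, longest, runs_ok = runs(bits)
    return {"monobit": monobit_ok, "poker": poker_ok, "runs": runs_ok,
            "long_run": longest < 26,  # any run of 26 or more bits fails
            "ones": ones, "poker_x": x, "longest_run": longest}


def failure_rate(blocks) -> float:
    """Fraction of blocks failing at least one test, like rngtest's summary."""
    blocks = list(blocks)
    tests = ("monobit", "poker", "runs", "long_run")
    failed = sum(1 for b in blocks if not all(fips_140_2(b)[t] for t in tests))
    return failed / len(blocks)


def constructed_stream(n_blocks: int, seed: bytes = b"example") -> list:
    """Constructed sample data: SHA-256 of a counter. Random-looking, but NOT an
    entropy source; it stands in for bytes read from /dev/random."""
    out = b""
    counter = 0
    while len(out) < n_blocks * BLOCK_BYTES:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return [out[i:i + BLOCK_BYTES]
            for i in range(0, n_blocks * BLOCK_BYTES, BLOCK_BYTES)]


if __name__ == "__main__":
    for name, block in (("all zeros", b"\x00" * BLOCK_BYTES),
                        ("01010101 pattern", b"\x55" * BLOCK_BYTES),
                        ("hashed counter", constructed_stream(1)[0])):
        print(name, fips_140_2(block))
    print("failure rate over 200 hashed-counter blocks:",
          failure_rate(constructed_stream(200)))
```

To check a real device, read 2500-byte chunks from /dev/random (as the dd command above does) and pass each to fips_140_2. The limits are statistical, so even a perfect source fails a small fraction of blocks; a rate in the region of the 0.05% quoted above is what a healthy source looks like, while a patterned or stuck source fails nearly every block.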

Links

… to more information.

Oct 16 2012
 

Sometimes I get surprised by how many people do not fully understand how URLs work … or more specifically how they are decomposed and what each part means. And not just people who have no real reason to understand them, but people in IT. As a DNS administrator (amongst other things) I get some surprising requests – surprising to me at least – which involve explaining how I would like to help, but accomplishing the impossible is a task somewhat above my pay grade.

With any luck (so probably not then), this little post may go some way towards explaining URLs and what can and cannot be accomplished with the dark arts of the domain name system.

To start with, URLs can be thought of as web addresses. Not the kind you find painted on the sides of vans (www.plumbers-are-us.com) but what they turn into in the location bar with an honest web browser when you visit a site. Such as http://www.plumbers-are-us.com/. Although I note that my own browser is less than honest!

But just to make things a little more interesting, I will make that example URL a little more interesting: http://www.plumbers-are-us.com:8080/directory/portsmouth.html.

And now to the dissection. The first part of that URL above is the http bit … to be precise that which appears before the two slashes (apologies if you have been deceived by Microsoft but a ‘/’ is a forwards slash and a ‘\’ is a backwards slash, although those formal graphemologists who write the standards prefer to call a slash a solidus). This part of the URL is the scheme.

The scheme defines what protocol should be used to fetch a page with. You should be familiar with http and https as these are conventionally used to fetch web pages … with the latter involving SSL encryption of course. There are of course other schemes less well known :-

ftp: File Transfer Protocol – a pre-web method for transferring files.
gopher: Gopher – an earlier competitor to the Web.
mailto: Used to compose a mail message to an address.

In fact that is just a tiny sneak peek at the full list which contains a number of things even I have never heard of. But the usual scheme is either http or https (at least for now), so we can skip over the scheme part.

The next part (between the ‘//’ and the next ‘/’) contains two items of information :-

  1. The “hostname” where the web server can be found.
  2. The “port” to attach to on that web server.

The “port” is relatively uninteresting. If the server where the URL is served from is configured properly, there is no need to specify a port number, as any browser is capable of realising that the default port number for http is 80 (computers are good with numbers after all) and 443 for https. Unfortunately, whilst there is (arguably) no real excuse for running web servers on non-standard ports these days, some people insist on doing the Wrong Thing; quite often through archaic knowledge picked up during the 1990s which would be best recycled.

The “hostname” part is where it starts to get interesting. This is turned into an IP address by your browser, so it can go off across the Internet and have a polite conversation with a web server at the other end to ask nicely for a copy of the web page you have asked for. You can just put an IP address in there, but the expectation is that sometimes URLs may be typed in, and isn’t really.zonky.org slightly more memorable than 2001:8b0:640c:dead::d00d?

But wait! It gets more interesting: The DNS allows you to point more than one name at a server, so mine can be reached with several different URLs such as http://zonky.org and http://really.zonky.org plus a few others. Which in fact show different web pages, by using so-called virtual servers (which has nothing to do with virtual machines).

So the DNS can be used to change a boring server name such as server0032.facilities.north.some.organisation into a more meaningful name such as internet.some.organisation, but it can only pull tricks with the “hostname” part. Any messing with any other part of the URL including the bit after the slash is the job of something else; usually the web server itself, although that can sometimes require additional support.

The last part of the URL comes after the first single slash – in our example the “/directory/portsmouth.html” part – which can be best called the pathname as it provides a path to the page within the web server to fetch. In a very simplistic way, web servers can be thought of as file servers which require you to tell it which file to request; just like working with the command-line on a Linux machine or even a Windows machine.
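The dissection above, carried out in code as an added example (written for this post, not taken from any browser or DNS software): it splits a URL into scheme, hostname, port and pathname using Python’s standard urllib.parse, fills in the default port when none is given, and flags whether the hostname part is something the DNS could act on at all (an IP literal is not). The URLs fed to it are the example URLs from the post plus a couple of constructed ones; the function and field names are my own.

```python
"""Dissect a URL into the parts discussed above. Added example, not page code."""
import ipaddress
from urllib.parse import urlsplit

# Ports a browser assumes when the URL omits one (scheme -> port).
DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21, "gopher": 70}


def is_ip_literal(host: str) -> bool:
    """True if the hostname part is a bare IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def dissect(url: str) -> dict:
    """Return scheme, hostname, port and pathname for a URL.

    Only the hostname is something the DNS can influence; the scheme, the
    port and everything after the first single slash are out of its reach.
    """
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    explicit_port = parts.port is not None          # raises ValueError on junk ports
    port = parts.port if explicit_port else DEFAULT_PORTS.get(scheme)
    hostname = parts.hostname                        # lower-cased; IPv6 literals lose brackets
    # A URL with a host but an empty path means the server root.
    pathname = parts.path or ("/" if parts.netloc else "")
    return {
        "scheme": scheme,
        "hostname": hostname,
        "port": port,
        "explicit_port": explicit_port,
        "pathname": pathname,
        # The DNS only has a job to do when there is a name to look up.
        "dns_resolvable": hostname is not None and not is_ip_literal(hostname),
    }


if __name__ == "__main__":
    for url in ("http://www.plumbers-are-us.com:8080/directory/portsmouth.html",
                "HTTPS://Zonky.ORG",                      # mixed case, no port, no path
                "http://[2001:8b0:640c:dead::d00d]/",    # IPv6 literal: nothing for DNS to do
                "mailto:someone@example.com"):           # constructed, no host at all
        print(url)
        for key, value in dissect(url).items():
            print("   %-15s %s" % (key, value))
```

Feed it the van-side address with a scheme in front and it reports the port the browser will quietly use; feed it an IP literal and dns_resolvable comes back False, which is the short answer to requests asking the DNS to rewrite anything but the hostname.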

BTW: I’m not really that scary – I haven’t bitten anyone’s head off for ages … for at least a couple of weeks!