Sunday, October 29, 2006

One click away from doom

Recently I caught myself observing various high-level graphical interfaces used in web services. All of them were custom-made solutions built by small companies yet used by large organizations and universities. In most cases the buyer is trying to save some money. That is quite a big mistake, since large-scale commercial applications have been tested and are supported by entire groups of programmers. On the other hand, whatever your local two-man dev team presents will be buggy and incomplete, and the drill always ends with the programmers standing by the client and fixing things on the fly. In the end, the result will be something that "just works".
How about quality of service?

I would like to go past the bugs and focus on usability. Many times two buttons are placed next to each other: one commonly used and a very "dangerous" one like "delete" or "submit". It is only a matter of time before some user "misses" and clicks the wrong button. Why? Because someone tried to get the "cheap" solution and look good to his boss.

To a certain extent I understand the guy who made it. I am a programmer myself and don't pay much attention to design (and GUIs in general). On the other hand, I would never choose myself to develop from scratch something big and important, because I know I would make mistakes that have already been made and would ignore things that have already been pointed out. Nobody can know everything. One must be wise enough to make that call while discarding any influence coming from his ego.

I am also thinking about the guy who decided to hire a local crew to do the job. Obviously he doesn't understand much about the job to be done. Probably he is some financial analyst with no idea about computers or software. I bet he has never written a single line of code. Because if he had, he would know that all he did was undermine the entire group of people that would have to use the system. He had one chance to bring in a service and he made the wrong choice. It'll be another 10 years before the system is revised, and even then it is doubtful whether they will replace it or not.

At the end of the day, it is these things that make the life of computer users harder and therefore feed the myth that "these damn PCs are a pain in the neck; we would be better off without them".

Friday, October 20, 2006

Think Big, Program Less

Today I was programming an indexing application in Java. It starts from a specified path and builds a hash table of all files in that path and in all folders underneath. Its purpose is to find duplicate files even if their filenames differ. The code is pretty simple, but I made one critical mistake: I didn't stop and think how my procedures would behave at a large scale. That cost me about an hour of debugging (more like banging my head against the wall).

Here is the problem: although the code is correct, it does everything recursively inside a single method, and in my implementation the contents of every file it had read stayed referenced from that method until the recursion finally unwound. Java's Garbage Collector only reclaims objects that nothing references any more, so as long as that one invocation was alive, no memory was freed at all. This is very hard to notice with small test files, but what happens when you have to index a couple of dozen gigabytes? I'll tell you what happens: within the first seconds of runtime the application consumes all available memory and the Virtual Machine crashes. If you feed the beast more memory it will simply grow bigger before crashing, but it will never finish. Only if you could provide memory equal to the total size of the files to index would the application complete its job, and that is impossible and of course a very, very bad idea!

The solution: write a separate method whose only job is to hash one file. For every file you invoke that method, load the file's contents into memory, digest them and return the result; when the method returns, its locals go out of scope and the contents become garbage the collector can actually reclaim. Better still, read each file in fixed-size chunks and feed them to the digest as you go, so that memory use is bounded by the chunk size rather than by the size of the largest file. So simple! And again, let me stress that the unsuspecting developer would consider the two approaches equal.
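As an added example (my code, in Python rather than the author's Java, which is not on the page), here is the duplicate finder with the one-file-at-a-time structure described above plus two refinements a practitioner would add: each file is hashed in fixed-size chunks so memory is bounded by the chunk size, and files whose size is unique are never read at all, because they cannot have a twin. SHA-256, the 64 KiB chunk size and the command-line entry point are my choices, not the original's.

```python
import hashlib
import os
from collections import defaultdict

# Bytes read per iteration: peak memory per file is bounded by this, not by file size.
CHUNK_SIZE = 64 * 1024


def hash_file(path, chunk_size=CHUNK_SIZE):
    """Return the SHA-256 hex digest of one file, streaming it in chunks.

    Only one chunk is referenced at any moment: once it has been fed to the
    hash object the buffer is unreachable and the collector may reclaim it.
    """
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_duplicates(root, chunk_size=CHUNK_SIZE):
    """Return {digest: [paths]} for every group of files with identical contents.

    Pass 1 groups files by size: a file of unique size has no twin and is not
    read.  Pass 2 hashes only the remaining candidates.  The tables hold sizes,
    digests and paths, never file contents, so memory grows with the number of
    files rather than with the gigabytes indexed.
    """
    by_size = defaultdict(list)
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if not os.path.isfile(path):      # skip broken symlinks, sockets, FIFOs
                continue
            try:
                by_size[os.path.getsize(path)].append(path)
            except OSError:
                continue                      # vanished or unreadable: skip it, don't abort the scan

    by_digest = defaultdict(list)
    for paths in by_size.values():
        if len(paths) < 2:
            continue
        for path in paths:
            try:
                by_digest[hash_file(path, chunk_size)].append(path)
            except OSError:
                continue

    return {d: sorted(p) for d, p in by_digest.items() if len(p) > 1}


if __name__ == "__main__":
    import sys
    for digest, paths in find_duplicates(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(digest[:16], *paths, sep="\n    ")
```

Run it as `python dupes.py /path/to/music`; the output lists each group of identical files under a prefix of their digest. Note that a symlink to a regular file is reported as a duplicate of its target, which is usually what you want when cleaning up, but is worth knowing before deleting anything.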

I was pretty sure my application would work the first time and was about to release it through my web site when, just for fun, I decided to check whether I had any duplicate MP3s. Out of pure luck I discovered that my code would behave very badly (or, if you like, would not behave at all) under real-life conditions.

What I've learned from this is to think outside the box (or at least try) and look at a design from different angles. My point of view may be entirely different from yours, and I have to take all factors into account if I expect my programs to function properly on systems besides my own :)
Oh, there's another useful point here: you may be using a high-level language, but you must never forget your computer's architecture and capabilities. In this case, don't forget about memory management just because the Garbage Collector does it for you; it can only free what your code no longer references.

P.S.: This reminded me of a major bug caused by the overflow of a common "int i" temporary variable in an "average number calculation" implementation: the running sum outgrew the integer long before the division ever happened. I remember pointing out that certain programming "habits" should be revised to avoid (at best) the embarrassment. You can find the story here.

Tactile Passwords could strengthen our security

There's an interesting article over at New Scientist Tech on "tactile passwords", a need-to-know user authentication method that relies on the sense of touch. This means one doesn't have to type in or pronounce a string of characters or numbers, just remember a tactile pattern (or sequence of patterns) and select it when challenged by a security system.

In detail, Braille-like devices (already used by visually impaired people) deliver patterns to the user's fingertips. The user must then click (or somehow select) the ones corresponding to the unique sequence he was issued when he enrolled. It's like the machine asking you "Is ABC your password?" and, if it is, you answer "Yes". This may seem stupid at first sight, but think about it.

No sensitive information is exposed on a screen or keypad; tiny pins under your fingertips, which only you (the person in contact) can feel and "read", carry the authentication process. Of course the sequence of patterns is randomized each time. That may sound like a detail, but it is the part that makes an observed sequence of key presses useless for replay.
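To make the challenge-response concrete, here is an added Python model of the scheme as I read it from the article; it is my code, not code from the article or from any real device. The eight patterns named A to H, the assumption that each key on the device raises one pattern per round, and the secret "CAFE" are all constructed for the example. What it shows is that a genuine user answers effortlessly, while the key sequence an onlooker writes down is worthless against the next session's layouts.

```python
import secrets

# Eight distinguishable pin patterns, named A..H for readability.  This is a
# constructed alphabet; the real device's pattern set is not described in the article.
PATTERNS = "ABCDEFGH"
_rng = secrets.SystemRandom()   # challenges must be unpredictable, so use the OS CSPRNG


class TactileVerifier:
    """Server side: knows the user's secret pattern sequence and issues challenges."""

    def __init__(self, secret):
        if not secret or any(p not in PATTERNS for p in secret):
            raise ValueError("secret must be a non-empty sequence of known patterns")
        self.secret = secret

    def new_challenge(self):
        """One random layout per round: layout[k] is the pattern raised under key k.

        Layouts are re-drawn for every round of every session, so the key the
        user presses depends on a layout only his fingertips can read.
        """
        challenge = []
        for _ in self.secret:
            layout = list(PATTERNS)
            _rng.shuffle(layout)
            challenge.append(layout)
        return challenge

    def verify(self, challenge, presses):
        """Accept iff, in every round, the pressed key carried the expected pattern."""
        if len(challenge) != len(self.secret) or len(presses) != len(self.secret):
            return False
        ok = True
        for layout, key, expected in zip(challenge, presses, self.secret):
            # Evaluate every round rather than returning early, so a wrong first
            # round costs the same time as a wrong last one.
            ok &= 0 <= key < len(layout) and layout[key] == expected
        return ok

    def guess_probability(self):
        """Chance that a blind guess, or a replayed key sequence, passes: (1/|patterns|)^rounds."""
        return (1 / len(PATTERNS)) ** len(self.secret)


def user_response(challenge, secret):
    """User side: in each round, press the key under which the next secret pattern is felt."""
    return [layout.index(pattern) for layout, pattern in zip(challenge, secret)]


if __name__ == "__main__":
    v = TactileVerifier("CAFE")
    ch1, ch2 = v.new_challenge(), v.new_challenge()
    keys1 = user_response(ch1, v.secret)
    print("session 1 keys:", keys1, "->", v.verify(ch1, keys1))
    print("same keys replayed into session 2:", v.verify(ch2, keys1))
    print("blind guess succeeds with probability", v.guess_probability())
```

The shoulder-surfer sees only the key positions, which change every session; the patterns under the keys are the secret, and they never appear anywhere he can look. With eight patterns and a four-round secret a replayed or guessed sequence passes one time in 4096, so a real deployment would still add a lockout after a few failures, just as an ATM does.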

I believe this is a very interesting idea when it comes to safeguarding a critical point in user authentication: the one-factor (aka password) policy. Every time you type your ATM PIN code, or any other code for that matter, you shield (or should shield) the keypad with your hand. Why? Because anyone standing behind you could see what you are typing. This is the same reason asterisks, instead of the actual password, appear on the screen. "Shoulder-surfing" is a big headache for security experts. Could this be the end of it?

Of course I, being a little more paranoid, believe that any place where a stranger may stand behind you while you type a PIN code is not a safe place. He can always stick a weapon in your back and force you to type the correct code. As you can see, if you have to worry about someone observing your actions, you have to worry about even more serious things. Anyway, just some food for thought.

P.S.: If you can't picture the tactile authentication devices, check this out. It looks like a common mouse, doesn't it? :)

Friday, October 13, 2006

Who's messing with my mail?

Every day I see mailing lists that allow uncontrolled (un)subscription. That is, all you have to do is type in an e-mail address to join or leave the list. Why is that wrong?

Because if you know a guy's address you may subscribe him to spam/porn/etc. lists against his will. You don't get much profit out of it, except that you make his life a little harder (sorting out the spam). For example, I am beginning to believe that someone is giving away the list address of an academic class I am attending (the teacher is a pain in the neck and many of his students would like to get back at him). Also, if you know that someone is subscribed to a list that is useful to him, you may unsubscribe him at any time, preventing him from receiving future updates and news.

It's as if someone could subscribe you to a magazine, divert or cancel your subscription or, worse, divert your bills so that you never receive them and therefore never pay them. As you can see, it IS a big deal!

All mailing lists should send a verification link or code to the address in question every time someone tries to add, modify or remove an entry, and should act only once the owner of that address confirms.
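An added Python sketch of that confirmation step (my code, not any real list server's): the token carried by the verification link is an HMAC over the requested action, the normalized address and an expiry time, so it can confirm only that action for that address and only for a limited time. The key, the 24-hour lifetime and the link format are constructed for the example.

```python
import hashlib
import hmac
import time
from urllib.parse import urlencode

# Server-side key.  In production load it from configuration and never hard-code it;
# the constant here is a constructed placeholder for the example.
LIST_SECRET = b"example-list-secret-please-rotate"
ACTIONS = {"subscribe", "unsubscribe", "modify"}
DEFAULT_TTL = 24 * 3600          # seconds a confirmation link stays valid


def _normalize(address):
    # Same mailbox, same token: trim and case-fold so Alice@X and alice@x agree.
    return address.strip().lower()


def make_token(address, action, issued_at=None, ttl=DEFAULT_TTL, secret=LIST_SECRET):
    """Return 'action.expires.mac' binding the request to one address and one action.

    The MAC covers action and address, so a subscribe token cannot be replayed
    as an unsubscribe, and a token mailed to alice cannot confirm bob.
    """
    if action not in ACTIONS:
        raise ValueError(f"unknown action {action!r}")
    expires = int(time.time() if issued_at is None else issued_at) + ttl
    msg = f"{action}|{_normalize(address)}|{expires}".encode()
    mac = hmac.new(secret, msg, hashlib.sha256).hexdigest()
    return f"{action}.{expires}.{mac}"


def verify_token(address, token, expected_action, now=None, secret=LIST_SECRET):
    """True iff the token was issued by us for this address and action and has not expired."""
    try:
        action, expires_s, mac = token.split(".")
        expires = int(expires_s)
    except ValueError:
        return False
    if action != expected_action or action not in ACTIONS:
        return False
    if (time.time() if now is None else now) > expires:
        return False
    msg = f"{action}|{_normalize(address)}|{expires}".encode()
    good = hmac.new(secret, msg, hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, good)      # constant-time compare, no timing side channel


def confirmation_url(address, token, base="https://lists.example/confirm"):
    """The link placed in the verification mail (the base URL is a constructed placeholder)."""
    return base + "?" + urlencode({"addr": _normalize(address), "token": token})


if __name__ == "__main__":
    addr = "alice@example.org"
    print("mail this to", addr, "and change nothing until it is clicked:")
    print(confirmation_url(addr, make_token(addr, "subscribe")))
```

The list server mails the link to the address named in the request, not to whoever submitted the form, and changes the subscription only when `verify_token` accepts the token that comes back. Anyone can still type your address into the form, but the only thing that reaches you is a single confirmation mail you can ignore.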

Tuesday, October 10, 2006

dodgeit.com: Beat 'em in their own game

Having an e-mail account is common these days. In fact, most people have more than one. So there is a tendency among web sites to ask for your e-mail in order to track you somehow or keep statistics of their own. For example, want to download something? Give us your e-mail! This doesn't seem so bad at first, but wait a minute! Giving away your address lets them know where they can reach you, and unfortunately a great many of them take advantage of that. For starters they subscribe you to their mailing list, sending you their daily or weekly newsletter. Others sell your address to marketing firms, which in turn use it to promote their customers' products.

In the end you have a dozen or so e-mails a day in your Inbox that you don't care about and never asked for. What can you do?


Well, there is yet another solution to this: dodgeit.com

Next time you are asked for your e-mail, give a random blabla37@dodgeit.com. No registration required! After that, visit dodgeit.com and read the mail sent to that address (still without any registration or password). Pretty cool, huh?

There is another interesting aspect to this: can you think of common usernames other people would use? Like nobody@dodgeit.com or person@dodgeit.com? Enter some of them on the site and you'll get the list of e-mails these people received. Anyone can read any mailbox there, so it is only good for mail you don't care about; the next time you register on a forum, or anywhere else where the address can reset your password, use a Hotmail/Gmail/Yahoo account instead!

Thursday, October 05, 2006

Dominos GR: Anonymous Pranks Inside!

It is a common prank to order pizza for someone else by impersonating him. All you have to do is give the other guy's name and address, and imagine his surprise when he opens the door to find the delivery guy holding 5 extra-large pizzas. Of course pizzerias use caller ID to avoid taking orders from third-party numbers. So far so good.

But here comes the Internet to spice things up! The Greek branch of Dominos, located at dominos.gr, lets you place online orders using a pretty lame authentication scheme. All a user has to enter is his phone number and his street number (just the number, not the street name). The first time you order, you have to do it by phone so that you provide all your details. The second time, though, by entering your phone number in the website form, they pull your record and carry out the order. In fact the online accounts use the same database as the dial-in customers.

Do you see the problem here?

If I know a guy who orders from Dominos (he doesn't even have to order online), I can easily look up his phone number (courtesy of the national, public phone records) and his address. So I can bill him a dozen or so pizzas. The advantage over the original phone prank is that in this case I cannot be traced: whether I am using a dynamic ISP IP address (the records are classified and no warrant will ever be granted for that purpose), a public hot-spot or Internet cafe, or even Tor, I pretty much stay under the radar.

I don't get these guys. The information they need to log you in is public! Anyone, anywhere, at any time may look it up, copy it and use it freely. How about that? LOL!

Wednesday, October 04, 2006

Yahoo Redirection Hole Exploited by Phishers

Every day I get quite a few spam e-mails. Normally I just delete them, but today I'm in an investigating mood :)

So, I got this message titled "eBay Member" from "aw-confirm@eBay.com". First of all, I took a look at the headers and found that it had been sent through a German gateway. Why would the famous online auction site, based in the U.S., use such a server? It wouldn't! (The From address itself proves nothing; it is trivially forged.)

And of course there was a link (hidden under HTML) pointing to


If you visit that pretty long and suspicious link, you get a web site that looks just like the eBay.com login page, only the SSL padlock is missing. The page is served over plain HTTP: the phisher cannot obtain a certificate for eBay's domain name, and any certificate he did get would name his own domain and give the game away.

Anyway. Last month I talked about a Google redirection hole, but then again almost all search engines suffer from similar problems, and Yahoo is one of them. The spammer points the victim at a trusted yahoo.com URL whose redirect parameter carries the phishing site, so the visible link looks legitimate while the browser ends up somewhere else entirely. The question is what can be done to close these holes while preserving the freedom of information and the user-friendliness of the service.
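An added Python example (my code, not Yahoo's or Google's) of the check a redirector should run on its target parameter before sending anyone anywhere: accept a path on the site itself or an http(s) URL whose host is on an allowlist, and refuse the usual bypasses. The allowlist {"yahoo.com"} and the home-page fallback are assumptions for the example. The other common fix, which this block does not implement, is for the engine to sign the redirect URLs it emits so that only links it generated itself are honoured.

```python
import re
from urllib.parse import urlsplit

# Hosts this redirector may send users to (constructed allowlist; the real
# service's rules are not public).  Subdomains of an entry are allowed too.
ALLOWED_HOSTS = frozenset({"yahoo.com"})

_CONTROL = re.compile(r"[\x00-\x20\x7f]")   # C0 controls, space and DEL anywhere in the target
_LOCAL_PATH = re.compile(r"^/(?![/\\])")    # exactly one leading slash: browsers read '//h' and '/\h' as hosts


def _host_allowed(host, allowed):
    host = host.lower().rstrip(".")
    return any(host == a or host.endswith("." + a) for a in allowed)


def is_safe_redirect(target, allowed=ALLOWED_HOSTS):
    """Decide whether a redirect parameter may be followed.

    Accepts (a) an absolute path on this site, or (b) an http(s) URL whose
    hostname is on the allowlist.  Refuses scheme-relative '//evil',
    'http://good@evil' userinfo tricks, 'good.com.evil' suffixes, backslash
    variants, header-injection characters and non-web schemes like javascript:.
    """
    if not target or _CONTROL.search(target):
        return False
    if "\\" in target:                 # browsers treat backslash as slash; don't try to be clever
        return False
    try:
        parts = urlsplit(target)
    except ValueError:                 # e.g. unbalanced IPv6 brackets
        return False
    if parts.scheme == "" and parts.netloc == "":
        return bool(_LOCAL_PATH.match(target))     # relative: must be a local absolute path
    if parts.scheme not in ("http", "https"):
        return False
    host = parts.hostname              # already lowercased, userinfo and port stripped
    return host is not None and _host_allowed(host, allowed)


def redirect_or_home(target, home="/"):
    """What the redirect handler should do: follow a safe target, otherwise land on the home page."""
    return target if is_safe_redirect(target) else home


if __name__ == "__main__":
    for t in ["/search?p=ebay", "https://mail.yahoo.com/", "//evil.example/",
              "http://yahoo.com@evil.example/", "javascript:alert(1)"]:
        print(f"{t!r:40} -> {redirect_or_home(t)}")
```

Two habits matter as much as the code: decide on the parsed hostname rather than on a substring match against "yahoo.com", and fail closed to the home page rather than echoing the rejected URL back in an error message, which would just hand the phisher another redirect.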

Finally, one thing that keeps us somewhat safe from phishers is that everybody here speaks Greek and all these e-mails are in English, so in the majority of cases you have no business with a foreign service and disregard it. I can only imagine what would happen if they were written in our native language.