Forgot your password?

Comment: SQLite (Score 1) 281

I am recommending this without enough information about the problem.

In my case, I wrote my own multiuser access layer on top of SQLite and it works very well. I don't rely in any type of file access control because, as the SQLite documentation says, it could be not reliable.

But if you can make an application that works in only one place within one machine, SQLite is extremely more powerful than MS Access, and uses almost no resources. Also, if you need to backup the data or to send the data to another place, you only need to copy the data file.

There is a Firefox add-on for basic database management, and that's all, you need no other thing to work more than the way to present the data to your users.


One comment here.

When we have only hammers to work, we see every problem as a nail.

Depending on how you model your solution, SQLite is just enough as any other database system also, even XML or plain text files.

Other people recommended HSQLDB (Libre/Open Office); as I remember, the database works in memory and have a backup in disk with a statement based storage. When you start your application, this database runs ALL the statements and refill the memory structures. I am not sure if this works for you. In the case of SQLite, it is a standard database system and the database file is analogous to an Oracle datafile or MySQL data structure.

Comment: Re:Financial Institution Vulnerabilities? (Score 2) 56

I was checking the source code of the original and the "official" (not the Akamai) patch itself.

In fact, the original code (with the bug) is more ordered and clear than the patch. But in general, the issue is that OpenSSL is a very big and complex piece of code maintained by a group of people with a very small quantity of resources, but being used by many important organisations around the world.

The problem is not that the software is open source. The proprietary source also have the same level of problems, being the only difference that we can check the open sourced products and we have no idea what they did on the proprietary (a.k.a. closed) products. The problem is that the Internet has not a good international and neutral organisation to help verify the important parts that make it work and the users of the technology invest no resources to verify how well these products are made.

And yes, if a Bank has a router having OpenSSL with the bug, the router has the bug. Or it is better to say that the router has been with that level of bug for nearly two years by now, and that it is possible somebody was able to bypass the security WHEN the SSL protocol is exposed.

So ... there are many sources of problems, much more than the web servers, although these vulnerabilities will become real problems depending on how well defined is the security of the network infrastructure. Good practices let to reduced exposition to existing vulnerabilities, this is why it is important to know, to understand and to apply these good practices.

Comment: Re:Elegance only exists in textbooks (Score 1) 373

by malvcr (#46585435) Attached to: Ask Slashdot: What Do You Consider Elegant Code?
I have more than 20 years coding, and lately I have been working with a security-oriented framework on C++.

I must admit my primary goal was security and I have been trying to be strict on security problems usually others have and that usually are defined as weaknesses. However, you also need to work with usability and effectiveness for having something really usable.

For me, elegant code helps you to express your needs following a very clear and understandable way, be for you in the future or for others to maintain. That code not only needs to be clear, but also needs to be secure and efficient. I do nothing inventing a beautiful piece of code that will use 100 times more CPU because it has been excessively layered, or that permits me to create beautiful pieces of crap that will leak any possible memory and to produce many different types of concurrent problems.

Elegant doesn't mean to hide responsibilities. I don't believe in the garbage collector "for everything" philosophy, because you lost the control on what you are dealing with, even in places where it is a must to have very precise control. Elegant code is clear, having well defined preconditions and postconditions, with no surprises. Every new has a delete (everything be created must be destroyed), and your programming rules are logical and built up your understanding about the problem you are resolving.

In a few words : elegant means you are in control.

Comment: Re: what you need them for? (Score 1) 306

by malvcr (#46576101) Attached to: Ask Slashdot: Can an Old Programmer Learn New Tricks?
Wrong assumption from my part :-)

Let me see ... all the languages using { } come from C, or more precisely from BCPL, although in their evolution several things changed (for some reason they were created).

According with (, Python comes from Modula3, ABC and C. Eiffel comes from Simula and Ada, so although they share concepts they are different languages.

I don't think that C++ or Java have broken implementations, what I think it is that they follow different approaches. Eiffel seems to be more strict (CLU in its past can have some reason on this and was my first OO language in University). and ...

It is possible to create good software with any language and to create bad software with any language. In fact, it is possible to have perfectly coded software, following all the language rules but with a completely lost (aka broken) sense of the semantic it want to work on. This is, in fact, the biggest problem on the security area and it is not related with the nature of the languages.

And I understand you. I learned Pascal before C, so when arriving to C it was very "free" for me and was forced to understand the inner logic of the pointer world. With C++ things where more strict although not as systematically defined as Eiffel. What for me is terrible is to work the old fashioned Basic; this is as a short circuit in my brain, but I was able to do nice things with that language a lot of time ago (that, of course, I won't try to repeat).

Comment: Re:Physical Access = owned (Score 1) 150

by malvcr (#46575673) Attached to: Remote ATM Attack Uses SMS To Dispense Cash
Let me explain what happen with the ATM devices.

The ATM has a computer having the operating system and a basic bootstrap software. In fact, the configuration itself it is not located in the ATM but when the ATM is turned on, it is sent to it from the Bank. One important reason is that when somebody steal the ATM, will lost all the configuration including many different types of keys, making the task of opening it or to learn more about the ATM's network behaviour a difficult task.

When the security employees load the ATM with money, they actually have no access to such money. The Bank fills security money boxes (actually small security boxes that are not so easy to open). These boxes have a special key that is used only inside the Bank's vault. The employes that will give maintenance to the ATMs receive the loaded boxes from the Bank's personnel and replace the previous ones "complete" in the ATM (they don't have the keys), and deliver the full or partially empty boxes to the Bank for internal maintenance (to count remaining bills, clean, reload, etc.).

So, the security employees are the ones that could install the phone in the computer because they need to open the ATM to replace the money boxes. As they are the ones do this work, they also could put the phone, and the next time they load the ATM, they will quit it for let no trace of such action. So, it is not necessary for them to violate the physical boxes or to cut the ATM by half (that it is not easy anyway), but just to connect a phone, continue with their daily work and somebody else will come to extract the money with the help of the phone and the ATM itself.

As 80% of the attacks are from "insider", this have all the sense for me. To resolve the problem, however, it is not so easy, because they need to replace their ATM system for one would be invulnerable to USB or other type of ports access, something was not thought when the current systems where designed many years ago.

Comment: Re: what you need them for? (Score 1) 306

by malvcr (#46514791) Attached to: Ask Slashdot: Can an Old Programmer Learn New Tricks?
Let me add to this that the answer is not the framework but the paradigm. You are coming from C so you are not working object oriented. First, choose the program you like to write, then design it thinking in object oriented way, then choose the language according with your final required platform and this will tell you if a framework is required. For example, if you choose c++ you will work with STL for sure and maybe something else; and if you choose Java or C# you have no choice than to use the base framework because they are platforms more than only languages (Strousstrup words). But start with the design if you really like to learn well.

Comment: Re:Summary needs a slight rewrite (Score 1) 190

This is material for many new books and movies, even without knowing what really happened. Your description is a possibility (better knowing, as another reader point to, that Malaysia security control are very lax ... until now at least).

Other options:
  • These are flying by wire devices. You don't need to go to the cabin to destroy the plane, you only need to disturb the plane network to make it useless.
  • It is supposed the plane was turning to south before loosing contact. Could be possible it was hijacked instead of destroyed?
  • There are ways to disturb the satellite and GPS systems so the device believe they are in one place while they are really in a another one... but the lack of communication makes this a not so good option.
  • Static in te cabin .... what about our atmosphere, that is presenting many changes lately, is developing some type of unknown new, for us, electro magnetic disturbance that could destroy the electronics in a plane? ... I expect this not to be real, because many other planes could be in trouble very soon.
  • Errant and/or out of control Drone?
  • A meteorite?

In fact, I just realised that the Drones have a very nice possible future usage. Many planes with troubles are alone in their space. What about if we "always" send a small recognisance Drone with each plane? It is "outside" the plane, so if the plane explode or lost control, the Drone can be a first class witness. Also, if there is a strange air flow or some atmospheric disturbance and the Drone is flying in front of the plane, it will be affected first. Some seconds are the difference between life and death. And, they could give a hand if the pilots have very serious situations inside the plane.

Comment: Re:Free as in... (Score 1) 392

by malvcr (#46375157) Attached to: Free (Gratis) Version of Windows Could Be a Reality Soon
In fact ... it is not free at all.

You need to have a Windows 7 to have Windows 8.1 with Bing, and Windows 7 was not free. Also, Win7 it is not very old. They are just copying what Apple did with Mavericks, but with restrictions.

What I see is that Microsoft is in trouble because their business model from the 80s is not working well today. Apple have no problems, because they are not selling Operating Systems now, they are selling devices (many of them) ... and Microsoft almost no one, and this is why they needed Nokia. The Operating Systems, as the old days of computing, are returning to be a complementary free part of the systems, as must be.

A side note : There is a mistake with what an O.S. is. When trying to catch the market, Microsoft put every imaginable piece of technology inside the O.S. ... but this is not really an O.S., this is a "distribution". The O.S. must be a small part of the system. Look at Linux, it is really "ONE" file ... this is why people can make distributions, can put Linux in appliances, to create Chrome OS or Android on top, etc. Microsoft must evaluate to do the same, a small free element and to ask for money on the complementary parts for particular purposes. Forget the UI, forget the Server edition. Make them independent products, who knows, maybe this work for them...

Comment: Re:I have a plan (Score 1) 167

by malvcr (#46371747) Attached to: How To Take Apart Fukushima's 3 Melted-Down Reactors
For Plasma they are using a containing magnetic field.

And this is more troublesome than radioactive material.

They have 37 years to find the way to create a strong-enough and stable magnetic enclosure that be able to surround all the infrastructure, to attach it to a rocket and to send it to the sun.

Because, I don't think that they be able to create a magnetic or any other type of enclosure that last several thousands years until the radioactivity disappear by itself.

The other option is to clean everything. I really don't know what is more difficult.

Comment: Re:No, not those who don't understand... (Score 1) 921

by malvcr (#46370169) Attached to: Woman Attacked In San Francisco Bar For Wearing Google Glass
The Glass is a very obvious device. I suppose this is because they are selling the concept.

But what about a camera embedded in a pair of standard glasses?

You just turn the recording device (could be Bluetooth or stand alone) that even doesn't need to be with you, only in reachable distance, and record everything around. No wires, nothing delating what you are doing.

mm... I suppose this must be happening thousands of times just now. ... and for much less than $1500. ... Amazon, Fashion Listens Glasses Digital Video Glasses Hidden Eyewear DVR Camcorder Eyeglass $48.98

Comment: Re:IDEs are good. UI builders are bad. (Score 1) 627

by malvcr (#46330529) Attached to: Does Relying On an IDE Make You a Bad Programmer?
I don't think that the UI builders that create code, as a concept are bad.

The problem is not there, the problem is in the framework they are based to create the code.

In fact, if the framework is well ordered, efficient and trustworthy, they do almost nothing, very similar to create XML to run the user interface, but letting you to fill some gaps with more creative methods (when they won't destroy your own modifications when re-creating the source files).

On the other side, sometimes the UI builders really don't help you. Once I created a very complex and flexible database library directly using the VCL Delphi's framework without the usage of the UI Builder. The framework was wonderful, but the UI Builder just did't let you to go beyond some basic limit. And as I understand they never improved this, just made the particular libraries obsolete instead of trying to improve how they used them.

Comment: Re:Go Amish? (Score 1) 664

by malvcr (#46308577) Attached to: Stack Overflow Could Explain Toyota Vehicles' Unintended Acceleration
I think that there is a basic fundamental problem here.

There are characteristics and there are characteristics in a device that carry you to another place.

The first ones are classified as critical and it is important to invest all possible resources to make them to work. I know one car computer could cost $100 but to develop it cost millions of dollars, so there are resources to make them well.

The other characteristics, to attach an iPod, to control the temperature in your seat, to dim the internal light, they can have bugs, nobody will die because of them.

But, please, don't make bugs in the critical areas because you like to have the superficial characteristics at hand without using money, I will name that an irresponsible design behaviour.

Comment: Re:We're adopting this at work... (Score 1) 195

by malvcr (#46201933) Attached to: Is Whitelisting the Answer To the Rise In Data Breaches?
At the end, what happened is that the current user-computing environments where not created to be in a connected world where resources were available through the Internet. This has been a very disordered and incomplete evolution where something must die in the improvement process.

You are the owner of your environment. But others can execute sensitive/powerful code without your permission. Must be a difference between "you" and the "others" for you to be really secure, a difference that disappear when the software is already in execution position. And this is the main problem.

This is like to have a car. If you let an unknown person to drive your car then you are doomed. You don't do that, you have keys, you have a safe place to store your car, and when other takes your car it is an abnormal behaviour. But current systems see with good eyes that other pieces of software are executed without enough control inside them, and this is their normal behaviour ... something is not logical in this equation.

Weekends were made for programming. - Karl Lehenbauer