I saw this awesome presentation on why rand() is considered harmful. When you need a random number, don’t call rand() and especially don’t say rand() % 100! This presentation will explain why that’s so terrible, and how C++11’s <random> header can make your life so much easier.
If you need uniqueness and non-determinism, especially in the context of security or crypto, then you need to think about a few things: for example the frequency, non-uniform distribution, and not using a pseudo-random number generator such as the Mersenne Twister, nor a linear congruential generator.
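The bias behind rand() % 100, worked through as an added example (not code from the presentation or from this post). The names `residue_counts` and `secure_below` are hypothetical, and 32767 is used because it is the smallest RAND_MAX the C standard allows.

```cpp
#include <cstdint>
#include <iostream>
#include <random>
#include <vector>

// How many generator outputs in [0, gen_max] land on each residue of `% n`.
// Assumes gen_max < 2^64 - 1 and n >= 1. Unequal counts are the modulo bias.
std::vector<std::uint64_t> residue_counts(std::uint64_t gen_max, std::uint64_t n) {
    const std::uint64_t range = gen_max + 1;  // number of distinct outputs
    const std::uint64_t full = range / n;     // every residue gets this many
    const std::uint64_t extra = range % n;    // residues below this get one more
    std::vector<std::uint64_t> counts(n, full);
    for (std::uint64_t r = 0; r < extra; ++r) ++counts[r];
    return counts;
}

// Unbiased value in [0, n), n >= 1, drawn from std::random_device instead of
// a seeded PRNG. uniform_int_distribution removes the modulo bias itself.
// The standard lets random_device fall back to a deterministic engine, so
// confirm that your platform backs it with an OS entropy source.
std::uint32_t secure_below(std::uint32_t n) {
    std::random_device rd;
    std::uniform_int_distribution<std::uint32_t> dist(0, n - 1);
    return dist(rd);
}

int main() {
    // With RAND_MAX == 32767 there are 32768 outputs: 32768 = 327 * 100 + 68,
    // so residues 0..67 are hit 328 times and residues 68..99 only 327 times.
    const auto c = residue_counts(32767, 100);
    std::cout << "residue 0: " << c[0] << " hits, residue 99: " << c[99] << " hits\n";
    std::cout << "unbiased draw: " << secure_below(100) << "\n";
}
```

The skew grows as the modulus approaches the generator's range, and it is separate from the predictability problem: an unbiased draw from a seeded Mersenne Twister is still unsuitable for security use.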
I don’t know how many people have heard of the NoReplyAll Outlook Add-In from MSR – which is a must-have IMHO for everyone. With this enabled, you get the following new buttons in the toolbar, and when composing emails it will restrict others from replying-all and help in dealing with some of the email storms you get internally!
You can get the NoReplyAll add-in from here.
Been a while since I posted on this series. But starting it again. Here are the latest few interesting finds I have stumbled across. Of course these are in no particular order.
- UTF 8 Everywhere – Argues the cause on why UTF-16 and Unicode is a default poor choice except for specialized libraries, which deal with text.
- Data discrimination for the poor – Means that if you are poor (i.e. not rich), then the internet you see and know might be different from the others. Big Data discrimination.
- Customer feedback to a Tour Operator – It’s enough to make you cancel your reservation.
- Gartner IT Symposium Factoids – Very cool to see the data on mobility and where we seem to be heading.
- OpenRemote – open source for IoT (Internet of Things) – think of it as the glue stitching everything together.
- Generation Game – Businesses are worrying about how to manage different age groups with widely different expectations.
- Overtaxed and over there – Loopy tax rules spur expats to renounce their American citizenship.
- Greenhouse (alpha) – a creative coding toolkit for spatial interfaces.
- Dipping your hands in a data pool – with a LeapMotion
- Tesla Model S Rest API – enough said.
- Cozy Cloud – private cloud for your apps, data, which you control and this is open source.
Why did the cat meow?
Because it’s a cat. Cats meow.
(PS – I am not a cat guy, more of a dog guy)
(and also valid for the US Govt)
*Ring* Hello, IT.
*Sigh* Have you tried turning it
Off and on again?
Don’t start an argument with a girl because they all have 4,30,50,194 GB memories and will bring up something you did at 14:27PM on 23/04/2008
// There once was a man named Dave
int Result = 0;
// Whose code just wouldn't behave
MyObject *Ptr = new MyObject();
// He left to go to a meetin'
Result = Ptr->DoSomething();
// And left his memory a leakin'
two words never heard
in polite conversation
You scramble me
and unscramble me
I’m putty in your hands
Sigh, why do I get to see all the ‘interesting’ errors? Not sure what I am supposed to make of this.
The wife recently bought a Nike FuelBand which she was loving. However in about 4-5 weeks of regular usage, the strap on it broke and the links which hold it together fell apart. The device itself is working, but it cannot be worn now as it won’t lock making it quite useless.
I was quite surprised as this is supposed to last more than this given both what it is meant to do and the cost of the device as well. Now this is an expensive paperweight.
Here are a few photos. This is what it looks like now, and cannot be locked, making it useless:
This is how it was when it broke and fell apart – we tried to rescue and pick up everything we could, but it seems there is a very small spring inside which is lost. This spring is crucial for the ‘lock’ and which acts as a rocker. Without this spring, this is useless.
This is when I was trying to figure out how to put it together, and when I figured out that the small metal part (silver in colour) needs a spring which rocks it up and down. When one locks and unlocks this, that spring is what is acting and allowing you to open and close it.
This is what the broken piece looks like after I put it together; everything looks OK, except it won’t lock.
I am not very happy with this situation right now – if this was a year after using the Nike FuelBand, perhaps I could still understand but 4 odd weeks of usage and this breaking is not acceptable.
I don’t have much hope in Nike, as where I am currently living, this is not sold and I am sure they would try and squeal out of trying to replace this or fix this.
No, there is no typo in the Subject; this advice is from the NSA and should be good if you want to secure your data from the NSA. The Register had this excellent write-up on how the Guardian could have protected Snowden. I also like what The Register says:
Use an old-fashioned air gap. Be paranoid
You could also use steganography, with something like SteganPEG, but that is more obscurity than security. The advice from The Register is sound and is essentially good if you are interested in protecting sensitive data. There are essentially four parts to this.
- Encryption – whilst it might seem hard to the non-geeky (I think we need to find a name similar to ‘Muggles’ – some reference for non-techy folks – of course in a good and constructive manner), it is not very hard. You should use something like GnuPG and create an asymmetric key pair (i.e. a pair of public and private keys). I would recommend you use an RSA-based key pair which is 4K bits in length, using SHA2 512 as the hash function. You should also consider setting the expiry date for this to no more than a year, which will prevent old keys from lying around and being recycled or compromised.
- Use Clean Machines – You don’t know what is lying around on that OS and machine – there could be some keyloggers, for example. It is best to start with a brand new machine, which you re-install. You could either use the Security Enhanced Linux distro, or a hardened version of Windows or something else; the NSA has a handy guide. You should also look to use something like BitLocker or TrueCrypt, and use that on a VM which you have built from scratch and which is running on that clean machine.
- Moving the Data Securely – I think this is the most difficult thing to do. The only way you can come close to doing this is using Tor and a hidden service. Of course all the entry and exit points to Tor would be monitored and cannot be trusted. If you don’t know much about Tor, you can read up on it in this guide.
- Using a Hidden Service – Use your clean machine only to interact with the absolute minimum to download data and then ensure it always remains disconnected from any network.
I also think the amount of data and information that Google and Facebook have on someone is scary. I like how The Register ended their article with the quote from one of the UK government security staff:
You would not believe the hoops we have to jump through to access an email, all the legal paperwork that needs completing, when Google has everyone on file and no one blinks an eye