Sometimes the order in which things are done is really crucial.
An example of this is the combination of encryption and compression.
Should you:
Compress encrypted data?
or
Encrypt compressed data?
Due to the nature of encryption and compression the answer is of course very obvious, but I will back it up with a small example anyway.
I have created some simple Java code which does the following:
- Takes an XML file with domain names and creates a DES-encrypted file from it.
- Creates a compressed GZip file of the DES-encrypted XML file.
- Creates a compressed GZip file of the original XML file.
- Creates an encrypted file of the GZip-compressed file.
1. The original XML file "hosts.xml" has the size 82.767 KB

2. The DES encrypted file of the XML file has the same size of 82.767 KB
3. The GZip compressed original XML file has the size of 8.520 KB
4. The DES encrypted file based on the GZip compressed XML file has the size of 8.520 KB

5. The GZip file based on the DES encrypted XML file has the size of 82.792 KB.

The results come as no surprise since:
- The nature of lossless compression is finding redundant information, patterns which can be replaced by a shorter representation.
- The nature of encryption is the opposite: the encrypted file must not contain any patterns at all, but rather appear like white noise, which cannot be losslessly compressed.
Conclusion: if you need to compress and encrypt data, ALWAYS compress first and then encrypt the compressed data.
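The experiment described above, reproduced as an added Java example (it is not the author's downloadable code). It assumes AES-CBC in place of the post's DES, a key generated for the run, and a constructed, repetitive XML sample standing in for hosts.xml; the class and method names are illustrative.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.zip.GZIPOutputStream;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class CompressEncryptOrder {
    // GZip-compress a byte array in memory.
    static byte[] gzip(byte[] in) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (GZIPOutputStream gz = new GZIPOutputStream(buf)) {
            gz.write(in);
        }
        return buf.toByteArray();
    }

    // AES-CBC (assumption: stands in for the post's DES); returns IV || ciphertext.
    static byte[] encrypt(SecretKey key, byte[] in) throws GeneralSecurityException, IOException {
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, key); // no IV supplied: the provider generates a random one
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(c.getIV());
        out.write(c.doFinal(in));
        return out.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: repetitive XML standing in for hosts.xml.
        StringBuilder xml = new StringBuilder("<hosts>\n");
        for (int i = 0; i < 2000; i++) {
            xml.append("  <host><name>www").append(i).append(".example.com</name></host>\n");
        }
        byte[] plain = xml.append("</hosts>\n").toString().getBytes(StandardCharsets.UTF_8);

        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey(); // throwaway key, generated for this run only

        System.out.printf("original               : %d bytes%n", plain.length);
        System.out.printf("encrypt only           : %d bytes%n", encrypt(key, plain).length);
        System.out.printf("compress only          : %d bytes%n", gzip(plain).length);
        System.out.printf("compress, then encrypt : %d bytes%n", encrypt(key, gzip(plain)).length);
        System.out.printf("encrypt, then compress : %d bytes%n", gzip(encrypt(key, plain)).length);
    }
}
```

Run it with `java CompressEncryptOrder.java` and compare the last two lines. The ciphertext length still tracks how well the plaintext compressed, which leaks information when attacker-chosen input is compressed alongside a secret (the CRIME and BREACH attacks on TLS and HTTP compression).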
Download: Java files to demo encryption and compression order
Published by: Jesper B. Kiær at 07-05-2012 14:30:00
Several times I have wondered: does IBM really have a team of testers in connection with Lotus Notes development?
...or are things just tested à la "this seems to work OK, next"?
I have come to the conclusion that the latter is sometimes the case.
If you have used the new "slide in a summary" pop-up feature in Lotus Notes 8.5.3, which shows a window when new mails have arrived, you may know what I mean.

By analyzing the behavior of the pop-up, it seems to pop up when a new mail has arrived in the database; however, the content of the pop-up is another story.
The content seems to be based on a random selection of unread documents from the inbox, mostly new ones, and often the same mails are repeated.
The junior developer who coded this sent a few mails to himself, saw a pop-up window, smiled and said "this seems to be working all right..."
NO, it does not work all right!
Testing is not about simulating a simple "normal" scenario only; it is about getting out into abnormal, weird scenarios too.
Hints to IBM:
- Mail rules may actually move a document to a folder, so it is actually never shown in the Inbox? OK?
It is not uncommon to use mail rules, the pop-up window was clearly NOT tested with a combination of mail rules.
- Only show me the "new" mails in the pop-up list ONCE! My users are freaking out and are really annoyed... ONCE!
Was this feature tested on real users?
Clearly not. Users like subtle, discreet hints that a new mail has arrived... ONCE!
The principles are actually rather simple:
Storing passwords in plain text files??
You would think it would be very obvious that this is a very bad idea, right?
But NO! Facebook, LinkedIn, Dropbox (again?) and others think this is a great idea...
Well, at least until security researcher Gareth Wright revealed how they handle security in their iPhone apps (and most likely Android too, he says).
Again, this makes you think... when such a fundamental security rule is broken, which others are broken too?
Outsourcing anyone?
Link to Infoworld.com:
Flaw in popular mobile apps exposes users to identity theft
Published by: Jesper B. Kiær at 09-04-2012 21:14:51
Found this joke in a very old mail...
This is an absolute classic.
You must read the story first. It's a bit complicated, the story, but basically
they wait for a flight from a far away place and then write down names to
give to the announcer at the airport and then go near a speaker and record
what they say
This is his story.....
"We'd go and sit on the balcony at Terminal 3 at Heathrow,
directly under one of the speakers as the roof is low. We put the tape
machine in our bag with the microphone poking out of the top.
We'd look for a flight that'd arrived in the last 40 minutes from
somewhere where you'd expect mental names, then write a
letter saying
"Could you go and pick up etc. etc. from flight, etc". That way,
it looked like it'd been arranged in advance as the flight arrival details
were written on the note. We also wore an ID-style badge and carried a
mobile so that we looked like taxi drivers. One of us would get the first
one read out and then the other did the second. We'd pretend to be unable to
pronounce it and then hand them the bit of paper with the name written on
it.
Long winded, but well worth it!
These are the names written down:
- airprt1.1.wav
- airprt1.2.wav
- airprt4.1.wav
- airprt4.2.wav
- airprt5.1.wav
- airprt5.2.wav
1. Arheddis Varkenjaab and Aywellbe Fayed
2. Arhevbin Fayed and Bybeiev Rhibodie
3. Aynayda Pizaqvick and Malexa Kriest
4. Awul Dasfilshabeda and Nowaynayda Zheet
5. Makollig Jezvahted and Levdaroum DeBahzted
6. Steelaygot Maowenbach and Tuka Piziniztee "
And this is what they sound like:
1. "I hate this fucking job, and I will be fired."
2. "I've just been fired, and bye-bye everybody."
3. "I need a piss quick, and my legs are crossed."
4. "Oo-ah, that's better and now I need a shit."
5. "My colleague just farted, and left the room, the bastard."
6. "Still, I got my own back and took a piss in his tea."
We got rumbled doing the "My colleague just, etc". They actually
threatened to arrest us as apparently they'd actually had complaints over
the previous weeks! We were toying with doing it again just to see what
they'd arrest us for, but we rang Chris and all he said was, "go to
Gatwick!". This is the reason the last one sounds so crap 'cos Gatwick is a
much noisier place and the ceilings are high, and it was difficult to get
near a speaker. The lengths we had to go to..."
Published by: Jesper B. Kiær at 27-03-2012 21:24:00
There are a few simple steps to update a Lotus Notes Calendar with holidays for your country or religion.
The administrator:
Open up the administrator client and go to the "Configuration" tab.
Go down to the "Miscellaneous" section and open up "Holidays".

You will see entries for each country or religion. They may look old but they are actually repeats so they could be quite valid.
My old entries here are good for 10 years.
The newest Holiday entries are kept in the NAB template.
To get them into your NAB click on "Actions" in the menu and select "Import Holidays from Template".

After running the import:

TIP: Since all calendar entries are in English, you might want to consider translating the entries in the NAB now for any non-English-speaking countries in your organization, before they get pushed out to your users' calendars.
The user:
Open up your calendar.
Click on the "More" button and select "Import Holidays"

Choose your country or religion.

Click OK and you are done!
Easter Holidays which I had translated first in the NAB

In regards to holidays, you will not need to update the calendar until 2017
Published by: Jesper B. Kiær at 15-03-2012 11:40:53
If you really want to stress test your hardware and software solutions, nothing does it better than a free porn site.
Youporn.com runs Redis as their primary database, which of course is a NoSQL database.
A cluster of Redis databases handles over 300.000 queries per second and over 100 million page views per day!
That is a whole lot of queries and page views...
You can read some of the technical background for youporn.com here and if you have not bookmarked it already you can access the busy website here: youporn.com
Published by: Jesper B. Kiær at 23-02-2012 22:10:22