
Certifications by themselves hold little value. The value (and joy) in clearing certifications resides in the extra knowledge gained while preparing for them, brushing up basics and being able to use those skills and knowledge in the real world. Practice exams make one feel more confident and better prepared for the certification exam but the certification is just a means to an end and not the end itself.

Exam dumps are bad. I have seen quite a few people who memorize the typical questions and answers and manage to clear the exam. But needless to say these very people are usually unable to do most things expected of them in the real world.

This article on www.CIO.com - IT Certification Practice Exams Could Kill Your Career - talks about certification vendors cracking down on sites offering practice exams. It is in the vendors’ best interests to maintain the credibility of their certifications and one way of doing it is to ensure that dumps do not appear on the Internet. However another very solid business reason is to make prospective exam takers buy study material and practice exams from the vendors themselves or from other chosen sites having the vendors’ approval.

The mostly vacuous article mentioned above is forgettable till you come to the following gem - “Every time an individual takes a certification exam online, there are digital “fingerprints” that identify how long that person took to answer each question, whether he went back and changed any answers, and so on. Using data-forensics techniques, this digital evidence is analyzed for every exam taken. With incredible accuracy, the forensics reveal patterns that identify cheaters. Even inadvertent cheaters—those who didn’t know they used illegal preparatory materials—can be caught, but they are not distinguished from people who cheat intentionally.”

What a load of crap. This is nothing but obvious FUD, used to further their aims. I actually found it very funny… :-)

I liked this Microsoft ad. Apple might be cool, *nix might be geeky but MS is who brought computing to the masses. I think this is a very well-made ad that conveys a solid message and does it well. A computer after all is just a tool, isn’t it?

Worried that the LHC experiment will destroy the world? Fikar not… this is the era of citizen journalism, user-generated content and continuous updates… here are a couple of links to keep the paranoid you reassured ;-)

http://HasTheLargeHadronColliderDestroyedTheWorldYet.com/ (Atom feed)

http://HasTheLHCDestroyedTheEarth.com/ (RSS feed)

And for the geeks out there go check the source markup for those 2 pages :-)

Here is a snippet from the first link:

<body> 
	<div id="main"> 
		<script type="text/javascript"> 
			if (!(typeof worldHasEnded == "undefined")) {
				document.write("YUP.");
			} else {
				document.write("NOPE.");
			}
		</script> 
		<noscript>NOPE.</noscript> 
	</div> 
	<script type="text/javascript"> 
		var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." :
		"http://www.");
		document.write(unescape("%3Cscript src='" + gaJsHost +
		"google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
	</script> 
	<script type="text/javascript"> 
		var pageTracker = _gat._getTracker("UA-275043-3");
		pageTracker._trackPageview();
	</script> 
	<!-- if the lhc actually destroys the earth & this page isn't yet updated
	please email mike@frantic.org to receive a full refund --> 
</body> 

Shantanu tells us about Firefox’s Incognito mode and asks us to stop drooling over Google Chrome’s privacy mode labeled Incognito. Does Firefox have an Incognito mode? - Yes. Is it better than Google Chrome’s Incognito mode? - Hell no.

When it comes to the masses security is 80% usability and just 20% technology.

Picture the following 2 scenarios involving an imaginary but very plausible conversation with my very real and reasonably tech-savvy Dad (2 email accounts, has an Orkut profile, uses Linux once in a while, online banking, composes videos of family photos with narration etc… is he cool or what!)

Scenario 1 (Google Chrome)

[ Varun ]

  1. Dad, open up Google Chrome.
  2. Click on the page icon at the end of the address bar.
  3. Select “New Incognito Window” from the menu options.

Whenever you do serious stuff such as online banking use this mode, OK?

[ Dad ] - Sure son! That’s easy. You are the bestest son ever!

Scenario 2 (Mozilla Firefox)

[ Varun ]

  1. Dad, open up the Windows Run dialog.
  2. Type firefox -ProfileManager.
  3. Click on “Create profile”.
  4. Enter “Incognito” as the profile name.
  5. Hit Finish.
  6. Select “Incognito” from the list of profiles.
  7. Click on “Start Firefox”.
  8. Go to Edit >> Preferences >> Privacy.
  9. Select “Always clear my private data when I close Firefox”.
  10. Unselect “Ask me before clearing private data” and you are done.

[ Dad ] - My dear Varun, let me tell you about something called Google Chrome and something called the Incognito mode… Step 1 - Open Google Chrome….

:-)

Browsing is an everyday affair for a large chunk of the computer user population. Privacy mode should be an equally “everyday” affair and should not involve them having to change settings, create new profiles, shortcuts etc.

Another reason why I prefer Google Chrome over Mozilla Firefox is the safer process model. Even if one were to use the Firefox Incognito mode the individual tabs are not protected from each other and bad stuff like CSRF (cross-site request forgery) and XSS (Cross-site scripting) can still happen. In Chrome, by design, individual applications/websites are cordoned off from each other. I am sure it is not fool-proof but it is way better than all current browsers.

Lastly the Google Chrome Incognito mode is a read-only mode. It does not write anything to disk. No cache, no cookies, nothing. Its default behaviour is secure and there is nothing you can do to change it. The Incognito mode will remain what it is on every Google Chrome browser, whether it is my home PC or work PC.

The Firefox Incognito mode outlined in Shantanu’s post still writes to the hard disk. The cleaning up is post-event and not by design. Also if you do exactly what is mentioned in that post you are still NOT cleaning up persistent cookies, offline website data (created by extensions) and saved passwords. You have to check a few more boxes to clean these up. If a hardcore geek like Shantanu (the dude writes well, hacks stuff and has a bunch of interesting-looking downloads on his blog!) can overlook these options, imagine what it means for people who want their browser to just work.

Am I drooling over Chrome’s Incognito feature? - Not exactly but I _am_ impressed. When designing software especially end-user software think secure by design, think secure out of the box, think usability and think of my Dad-equivalent whoever it might be in your case.

P.S. - Dad if you are reading this do you agree with me? ;-)

EDITS - 2008-09-12 Chrome not resilient to XSS, just CSRF (Thanks Shantanu!)

…because I found it annoying and never found myself using it. Of course not to mention that it is insecure too because all words typed in the address bar were being sent to Google (or whatever suggestion service is being used) effectively acting as a keystroke logger.

Here is how you switch it off:

  1. Right click on the address bar (omnibox as Google calls it) and select “Edit search engines”.
  2. Uncheck the check box at the bottom labelled “Use a suggestion service…URLs typed in the address bar”.

Google Chrome - It is not the much-hyped Google OS but pretty close. And if it becomes popular the Google OS might not even be worth it. The browser WILL be the OS.

Read the long but interesting comic announcing what it is or go ahead and download it and try it out.

Google has a finger in every online service pie - it has a nearly complete suite of online services - check out Google Labs. From just controlling the server end of things Google Chrome is a very smart foray into controlling the browser side too. It is all about controlling the experience. If you are the browser maker you decide how it behaves, what elements are shown and what components are optimized. You drive essential standards and the ecosystem of web applications.

Google Chrome is full of new features, both user-visible and purely internal.

A faster and leaner new JavaScript engine called V8 compiles JavaScript and has tighter memory management than the current JavaScript engines. This ensures that JavaScript-heavy (AJAX) applications such as Gmail and Google Reader run faster.

Chrome implements a one-process-per-application model. This means application behaviour (unintended or malicious) is localized, crashes are easier to deal with, debugging is easier and memory management is more efficient. This also makes the browser design more flexible and extensible.

The UI is minimalistic and stylish, a signature Google UI. Tabs are the central element in the user interface and therefore are at the very top of the browser. Less important elements of the UI such as the status bar and bookmarks are hidden by default. The default home page shows the 9 most visited sites plus most searched sites, a pretty sensible default and something I know I will get used to in a few days. The best part about the UI is that everything is better but in a subtle, non-distracting manner. All the (Firefox) shortcuts work as expected and everything is where I expect it to be. Google Gears is in-built and provides the interface to the user’s file-system and allows applications to behave more like native applications.

Security is built-in by design. Applications and plug-ins are sandboxed from each other and from the rest of the user’s system. Processes cannot write to the filesystem (no persistent cookies!) and cannot read from sensitive filesystem folders or files. Conventional browser anti-phishing mechanisms are also in place checking sites visited against a list of known malicious sites.

The browser itself and the V8 JavaScript engine are open-source allowing others to use these in their projects. And good features developed by others can be introduced in the core codebase by the Google team effectively allowing a larger team to contribute to these projects albeit indirectly. Open sourcing is also a smart defense against monopoly allegations I guess.

This is a major shakeup of the browser market. Chrome was announced around the same time as the IE8 announcement; this is probably a deliberate move intended to invoke comparisons and garner more publicity. Users shifting to IE8 from IE7 or to IE7 from IE6 might decide to give Chrome a try and stick with it. Users of the various Google services are also a primary audience; the browser has the Google brand and that says something for the users of those services. But most disruptive of all Google Chrome will probably take away a significant chunk of the Mozilla Firefox userbase.

IE is the OS’s browser. It is the default browser, the “e” icon that most users associate with the Web and the browser that renders almost everything nicely. Firefox was the “alternate” browser. It is the browser with a rich ecosystem of extensions and thus more flexible. It is the preferred browser for tech-savvy surfers, slightly more secure and of course available on non-Windows systems.

Google Chrome is all set to displace Mozilla Firefox and become the preferred “alternate” browser. Today it does most things that Firefox can do, eventually it will do ALL things that Firefox can do and I am not sure what Firefox’s differentiator will be to make me choose Firefox over Chrome. Today Chrome lacks the plug-ins/extensions that Firefox has but it is just a matter of time before Firefox extensions are ported to Chrome. I am going to hazard a guess and say that Chrome will have a third of the browser market a year from now.

All in all very interesting times in the browser world :-)

After reading this post I am also thinking of dumping Windows Vista and upgrading to Windows XP :-)

Password policies are an integral part of security for most computing facilities. Even though passwords have supposedly outlived their usefulness they are still the single most common security control for authentication for online systems. Thus having a user-friendly but secure enough password policy and enforcing it is very important.

An administrator usually has the ability to set the acceptable password policy for a system. However common questions that arise are - What is the minimum length of a password? How many non-alpha characters (numbers and special symbols) should it have? Are there any restrictions on using both uppercase and lowercase characters? And many more.

I just read a reasonably old but very useful paper titled The Memorability and Security of Passwords - Some Empirical Results, authored by Jianxin Yan, Alan Blackwell, Ross Anderson and Alastair Grant. It is a short 11-page paper describing an experiment carried out on approximately 400 students that gives empirical results on the memorability and security of passwords chosen via 3 different approaches - allow the user to select, random password, mnemonic passphrase.

In a nutshell the paper recommends that users choose mnemonic passwords that are at least 8 characters long, preferably longer, with the individual characters being a mixture of letters, numbers and special symbols.

And while you are at it do read this article by Bruce Schneier - Choosing Secure Passwords. He talks about a password recovery program called PRTK that assumes that all passwords are made up of a root (need not be a dictionary word but is usually pronounceable) and an appendage (a suffix or prefix to the root). His recommendations for a difficult-to-crack password:

So if you want your password to be hard to guess, you should choose something not on any of the root or appendage lists. You should mix upper and lowercase in the middle of your root. You should add numbers and symbols in the middle of your root, not as common substitutions. Or drop your appendage in the middle of your root. Or use two roots with an appendage in the middle.

Even something lower down on PRTK’s dictionary list — the seven-character phonetic pattern dictionary — together with an uncommon appendage, is not going to be guessed. Neither is a password made up of the first letters of a sentence, especially if you throw numbers and symbols in the mix.

Interesting.
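As an added illustration (not code from the paper or from Schneier's article), here is a small Python policy checker that encodes the two recommendations above: the paper's minimum of 8 characters with letters, numbers and symbols mixed in, and Schneier's point that a dictionary root with numbers, symbols or a capital only at its edges is exactly the root + appendage shape PRTK enumerates. The root list and the substitution table are constructed stand-ins for the real dictionaries.

```python
import re

# Constructed stand-in for PRTK's root dictionary (a few well-known roots);
# a real policy check would load a large common-password list here.
COMMON_ROOTS = {"password", "letmein", "welcome", "monkey", "dragon",
                "summer", "qwerty", "football"}

# Common substitutions the text says PRTK already tries (assumed examples).
SUBSTITUTIONS = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                               "5": "s", "7": "t", "@": "a", "$": "s"})

MIN_LENGTH = 8  # the paper's recommendation: at least 8 characters


def split_appendages(password):
    """Split into (prefix, root, suffix): the appendages are the runs of
    non-letters at either end, the root is whatever remains in between."""
    m = re.fullmatch(r"([^A-Za-z]*)(.*?)([^A-Za-z]*)", password)
    return m.group(1), m.group(2), m.group(3)


def check_password(password):
    """Return the list of policy violations (an empty list means it passes)."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("shorter than %d characters" % MIN_LENGTH)
    has_letter = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    has_symbol = any(not c.isalnum() for c in password)
    if not (has_letter and has_digit and has_symbol):
        findings.append("does not mix letters, numbers and symbols")
    prefix, root, suffix = split_appendages(password)
    # Undo the substitutions PRTK tries, then look the root up.
    if root.lower().translate(SUBSTITUTIONS) in COMMON_ROOTS:
        findings.append("root %r is a common root (even with substitutions)" % root)
    # A root that is one letter followed only by lowercase letters means every
    # number, symbol or capital sits at the edges: the root + appendage shape.
    if re.fullmatch(r"[A-Za-z]?[a-z]+", root) and (prefix or suffix):
        findings.append("numbers/symbols only at the ends; put them inside the root")
    return findings


def is_acceptable(password):
    return not check_password(password)
```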

This is how my desktop looks. I am running Ubuntu Gutsy Gibbon (7.10) and the GNOME platform. I have been using Ubuntu for 3 years now and it is my all-time favourite operating system. It is easy to install, user-friendly, looks good, is fast and has almost everything that I need for my day to day work.

Varun’s Desktop - Ubuntu Gutsy Gibbon and GNOME

I bought my laptop (HP Pavilion dv9502AU Portable) around 3 months ago and I guess it is the right time to write up a quick review.

Overall I am very happy with this laptop. It suits my needs very well and I am very satisfied with it. The price (50K INR) is also a bargain for a 17 inch laptop in India. I bought this laptop from the Croma store in Malad.

This laptop has many good features (that is after all why I settled for it in the first place). Almost all of the laptop’s “basic” features get a pass grade easily. The processing power (1.8 GHz, 2 x 512 KB L2 Cache) and RAM (1 GB) allow Windows Vista to run reasonably well (though an extra gig of RAM would help significantly) and anything other than Vista (say Windows XP, Ubuntu Linux) runs like a breeze. The 8-cell battery consistently lasts for more than 3 hours and takes around 90 minutes to recharge fully after being fully drained. The laptop’s looks are decent enough but nothing stunning. The laptop also has all the bells and whistles expected from a modern machine (CD/DVD reader/writer, Ethernet card, modem, 5-in-1 card reader, WiFi 802.11 a/b/g, Bluetooth, ExpressCard slot, all kinds of slots, VGA webcam, microphones etc.) and till now I have not felt anything amiss. The laptop weighs a respectable 4 Kg, though this is pretty heavy if you have to lug around your machine a lot.