Just sharing some of my inconsequential lunch conversations with you...

Friday, March 27, 2009

Visual Studio Team System 2010

I’ve been trying for some time to write about the cool new features of Visual Studio Team System 2010. Finally someone better than me did the work for me :) Great little digest from Bill Maurer’s presentation.

Here are the features I like the most:

  • Application Tier Load Balancing and Failover (I’m managing a 2008 TFS and boy if it fails I’m f*****)
  • Branch Visualization
  • Parallel & distributed builds
  • Gated Check-in
  • Camano (test case management interface focused on requirements)
  • Test Lab Virtualization
  • Historical Debugger
  • Sending a “core dump” to a development team to recreate the process
  • UML. I’m kind of divided on this one, not only because of my old doubts over the expression capability of UML against DSLs, but also because of the limited UML support (ex: we can’t express all the structured artifacts on a use case, we have to use an unstructured text field). Though interesting on the integration perspective…

Thursday, March 19, 2009

Hibernating resuming times

And now for something really different: hibernation resuming times.

  • Windows 7: 31 seconds
  • Ubuntu 8.10: 40 seconds

To be fair, the Ubuntu hardware we used is a little older, and Windows 7 had the advantage of being a fresh install, so all we can conclude is that on this matter they aren’t as different as we would expect.

Windows7 setup

Here’s a cool experiment: on the same laptop, I’ve timed how long it took to install Windows 7 and Ubuntu 8.10, configure networking and browse an internet page. Here are the results:

  • Windows 7: 23 minutes
  • Ubuntu 8.10: 26 minutes

Let me start by setting a disclaimer: this was hardly a scientific experiment; some idle time on each installation could seriously affect the results, and as you may imagine I wasn’t fully devoted to these tasks. So this can only be read as an indicator, nothing else. But given the fact that Ubuntu fits on a CD and Windows 7 uses a DVD, the results are quite impressive.

To be honest I thought that Ubuntu would lose by much more, the experience I had on older hardware was just too bad.

My conclusion can only be: it won’t be for the installation time that we won’t install these two.

Wednesday, March 18, 2009

“Hacking and Securing RFID” Presentation

Last week my good friend Manuel Fonseca and I presented a session at Instituto Superior Técnico’s XVI Semana Informática. The title of the presentation was “Hacking and Securing RFID”, but it ended up being a little frustrating for us and for the audience as we stripped most of the more sensitive stuff that we originally intended to expose.

We started with a disclaimer where we explained our interest: our company has over 10 years of experience in the radio frequency space, a lot of projects out there, most of them exposed on open loop, so we have to assess the security of these projects.

Then we listed a series of RFID scenarios we use daily and the corresponding threats, identified remote identification and process automation as advantages, and concluded that these are also the disadvantages.

We presented the threats at the personal and system levels, putting them into perspective compared to low tech security, like the one used on classic door keys and documents ever since man could write. We concluded that RFID is different because:

  • reading / writing doesn’t need physical access to the resource – on a classic door key we have to access it in order to clone it; this broadens the exposed security surface
  • collection and consolidation automation capability

Then we listed some typical classes of attacks:

  • Skimming
  • Eavesdropping
  • Tampering
  • Man in the Middle
  • DoS

Basically nothing new here, just a sub-set of the standard security attacks.

We finally entered the “touchy” zone, describing some tooling and hacking case-studies. Not too deep, I’m afraid…

On to the approaches: from paranoid to relaxed, we ended up concluding that we have to quantify the security risk, the business value and the impact of a security breach, and architect security accordingly, always keeping in mind how often we have to choose between commodity and security.

Then we set for more social waters, stating that:

lower security => lower privacy => lower liberty

On to how to secure, where we’ve covered:

  • architecting security
  • standard crypto
    • key management, chip distribution
    • keys and algorithms
    • security life span
  • hardware limitations
    • processing limitations
    • most tags can’t carry a clock, and little context
    • secure tags are costly
    • on passive RFID, higher processing => lower range
    • blocking tags & DoS

From the user view, we’ve defended:

  • users should prefer secure items & services
  • if possible, users should kill the tags
  • if not, users should be able to enable / disable tag reading / writing

And we ended up concluding that RFID technology is not always mature enough to assure the best security standards, and that is an issue we have to address. If not for other reasons, because the perception of insecure RFID poses a serious risk to the adoption of this technology.

Tuesday, March 03, 2009

Microsoft MyPhone Beta

Just started using this sync tool. It gives us 200MB of mobile sync data, and for now all I have to complain about is the photos it found: about 250 photos, most of them smileys from messenger… oh well…

The coolest item synchronized is SMS messages – yes, for some strange reason I find it interesting, let me try and explain: I have this thing with data, I just can’t stop collecting it. I know, seek help.

Let’s hope it doesn’t collide with my Outlook synchronization.

Development Catharsis :: Copyright 2006 Mário Romano