System Overlord

A blog about security engineering, research, and general hacking.

Canonical Store Issues

I hate to use this as a venue to address issues I'm having with the Canonical Store, but I'm somewhat disappointed in it.  On the 21st of June, I ordered the "Ubuntu Certified Professional - Exam Bundle." As of today, I still have not been able to get the codes to register for my exams with Pearson VUE. Last week, I contacted Merchandise Mania (the operators of the Canonical Store) and they said they would pass my concerns on to Canonical and someone would contact me "if they can help." I still haven't heard anything. So if anyone involved with this at Canonical reads this, I'd greatly appreciate an update.

Update: I was contacted this morning by a very nice Canonical employee who has gotten me sorted out. It's this kind of customer service that I appreciate in a company. Thanks, Canonical!


Who's screwed up worst?

Several organizations, including parts of the US government, have successfully screwed things up, or promised to screw things up, this week:

  • The USPTO granted a patent to Amazon.com for charging for computing resources on an as-used basis.  This is similar to the chargebacks of mainframe computers beginning in the 1960s.  Apparently patent examiners are not familiar with the terms "prior art" or "obviousness."
  • White House cyber-security czar Peter Schmidt is considering rules that would put computers with viruses into a "walled garden."  There is, of course, no discussion of how this will work -- agents on your computer?  IDS?  Either way, false positives, SSL, and public wifi hotspots are sure to only make this a headache for legitimate users.
  • ASCAP has shown themselves to be ass-hats.  Not only do they want to charge royalties that are crippling to non-profit organizations, but now they want to prohibit artists from using their choice of license for the media they produce.  They won't be happy until they have control over the entire music market.  Apparently choice and freedom aren't options for musical artists.

Attack of the Cosmic Rays!

KSplice has posted an interesting article regarding the consequences of a single erroneously flipped bit in RAM.

It’s a well-documented fact that RAM in modern computers is susceptible to occasional random bit flips due to various sources of noise, most commonly high-energy cosmic rays. By some estimates, you can even expect error rates as high as one error per 4GB of RAM per day! Many servers these days have ECC RAM, which uses extra bits to store error-correcting codes that let them correct most bit errors, but ECC RAM is still fairly rare in desktops, and unheard-of in laptops.

Makes me want to build my next desktop with ECC RAM.  Of course, that requires a motherboard that supports it, among other things.  When you're using encryption, a single bit error can result in the inability to decrypt an entire file.  I wonder what steps could be taken to mitigate those sorts of issues.


Twitter banned from misleading consumers 'for 20 years'

Twitter has been, among other things, "barred for 20 years from misleading consumers about the extent to which it maintains and protects the security, privacy, and confidentiality of nonpublic consumer information..."  I believe that Twitter should not be misleading consumers about any aspect of their security, but it almost seems that a specific bar of this nature, with a specific duration, is an implicit permission for other companies to mislead consumers (as they have not been so barred) and that, after 20 years, Twitter can mislead consumers all they want.  Seems like a bit of common sense that the FTC has felt the need to spell out...


AOL prevents use of Shoutcast

AOL has apparently served the VideoLAN developers with an injunction preventing any ShoutCAST functionality from being included in VLC, or any other application that uses Open Source components or software.  I appreciate this greatly, as the next time I'm tasked with exploring streaming media solutions at work, I'll have one less contender that I will consider.  To be specific, as far as I'm concerned, ShoutCAST is not a viable solution for any form of streaming media, and must be avoided like the proprietary plague it is.