Archive for the ‘ Tech ’ Category

Cargo cult security – how not to use hashing

Sometimes, I still get surprised by the lack of thought behind some software systems that have made it to production. This time, I stumbled over a 2 year old reddit thread about the Swedish city Västerås using WiFi to track the movements of people, storing hashes of their smartphone MAC addresses, in the rather naive misbelief that hashing would render people anonymity. That leads me to a subset of the subject of cargo cult programming: cargo cult security.

In short, cargo cult programming means that you use a chunk of code because you more or less know what is does, but have no idea of how it works. That means you can’t modify the code, and you probably also unknowingly include redundant code.

In my example of cargo cult security, the developers in question used hashing as a means to anonymize users. From a cargo cult perspective, hashing works well for storing passwords, so if it’s used for a completely different application it should work there too, right? No, actually quite wrong.

Read more

IdleLock – a utility to lock your PC after X minutes of idle time

IdleLockIconIf you want your Windows PC to lock (i.e. require you to enter your password to use it) after a period of user inactivity, you can go to the screen saver setting and check “On resume, display logon screen”. But what if you want the screensaver to be activated after e.g. 10 minutes, but you don’t want the PC to lock until after 20 minutes? In Windows XP, you could resort to the ScreenSaverGracePeriod registry hack. However, in Windows 7 and later, the PC will be locked no later than 60 seconds after the screensaver kicks in, no matter what ScreenSaverGracePeriod value you have specified. To remedy this flaw, I whipped up IdleLock, a small utility that locks your PC after a selectable time of user inactivity. Read more

Google Drive – 15GB of unreliability

The better part of a year has passed since I last gave up on Google Drive because of its unreliability, which is akin to that of a Lucas automotive electrical system. In mid May, Google announced that they tripled the storage space, giving you a total of 15GB for free, if you were brave enough to submit your files to the bug ridden mess that is Google Drive. Surely, this must be an indication that they finally sorted out their problems and that Google Drive at last was ready for serious use? A couple of weeks ago, I thought it was time to find out.

Read more