Secure Gate or Secure Safe?

Nadim, Ish and I were having a little talk about how to store passwords in databases.

Traditionally, a user's password is hashed using an algorithm such as MD5 or SHA-1 and the hash is stored in the database. Since hashing is a one-way function, there is no MD5-reverse function into which you pass the hash and get the original password back. However, using rainbow tables an attacker can try to find the original password.

Another issue is that if an attacker gains access to the database and two users have the same password, their hashes will be identical.

Salting passwords helps to make existing pre-computed rainbow tables useless. Nadim and I were discussing whether each user should have a different salt, and whether the salt should also be stored in the database.

I think the most secure way would be to have one common salt for all users plus one salt per user, and then run the hashing algorithm to get the hash that is stored in the database. The common salt should be stored in a text file so that an attacker who obtains the database cannot get the common salt unless he also has access to the server's file system.
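The scheme described above as an added example, not code from the original post: a random per-user salt stored beside the hash, a common secret (the "common salt", often called a pepper) kept outside the database, and a slow iterated hash (PBKDF2) in place of plain MD5/SHA-1. The pepper value and iteration count are assumptions for the demo.

```python
import hashlib
import hmac
import os

# Work factor for PBKDF2 (assumed value; tune to your hardware). A slow,
# iterated hash replaces the plain MD5/SHA-1 digest mentioned in the post.
ITERATIONS = 100_000

# The common salt (pepper) lives outside the database, e.g. in a file on the
# server. This value is constructed for the demo only.
DEMO_PEPPER = b"constructed-demo-pepper-do-not-reuse"


def legacy_digest(password):
    """Unsalted MD5 as in the post: identical passwords give identical hashes."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password, pepper, salt=None):
    """Return (salt_hex, hash_hex).

    salt is per-user and is stored in the database row next to the hash;
    pepper is shared by all users and is never stored in the database.
    """
    if salt is None:
        salt = os.urandom(16)  # fresh random per-user salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt + pepper, ITERATIONS)
    return salt.hex(), digest.hex()


def verify_password(password, pepper, salt_hex, hash_hex):
    """Recompute with the stored salt and compare in constant time."""
    _, computed = hash_password(password, pepper, bytes.fromhex(salt_hex))
    return hmac.compare_digest(computed, hash_hex)


if __name__ == "__main__":
    salt, stored = hash_password("hunter2", DEMO_PEPPER)
    print(salt, stored, verify_password("hunter2", DEMO_PEPPER, salt, stored))
```

Two users with the same password get different rows, and a database dump alone (without the pepper from the file system) does not let an attacker verify guesses.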

Enter Ish Sookun
Ish was of the opinion that if your system is secure enough, there is no need to secure and encrypt the database.

If the database has been configured to accept connections only from the IP of the web server, all files have the right permissions, only the needed PHP libraries are installed and all unused ports are blocked correctly, it doesn't matter whether passwords are stored even in plain text.

He says what’s the point of having a secure safe which cannot be broken if your front gate is open, doors are open, you have no camera in your house. Eventually, the ones who steal your safe will use grinders to open it!

On another extreme, if you have the most secure gate, it doesn’t matter if you walk naked inside and leave your money scattered everywhere on the floor since no one can get past your gate.

Conclusion
I don't think all companies have the funds to hire a System Administrator of the caliber of Ish Sookun. Even if they all did, there is only one Ish.

Security should be multi-layered, IMO, because you never know when your main gate might be breached.

There was a time the Great Wall of China could be used to defend. But since drones and satellites were invented, all walls are basically useless nowadays.

Kubuntu 15.04 Beta 1. WiFi no use

So, I decided to test run Kubuntu 15.04 to get the latest Plasma desktop. The install went smoothly alongside my Kubuntu 14.10 and Windows 8.1.

1. After booting into the system, I simply can't access any WiFi network, either with a hidden SSID or a broadcast one. I'd get the following message.

Connection Deactivated. The WiFi network could not be found

2. The start menu also froze. When I forcefully killed it, the whole desktop and taskbar were gone, leaving only the open applications. I could still switch between them by moving my cursor to the top left corner, which displays all open apps.


3. I also noticed that when running System Monitor (ksysguard) from KRunner (ALT+F2), KRunner would not disappear unless I closed System Monitor again.


And when I closed it, I'd get this error message, then KRunner would close.


Final Notes:
I can say Kubuntu 15.04 is really, really fast. Dolphin, System Monitor and Firefox open in a breeze. It feels like running on an SSD. But unfortunately I won't be able to test more as I can't get the WiFi to connect 🙁

MyT Fibre steals 1 out of my 50GB monthly allowance

Today is the 1st of March. My MyT Fibre connection was supposed to be upgraded to 10Mbps, but I noticed I was still on 1Mbps. I checked their website and saw my volume allowance was back to about 50GB.


I wanted to try Kubuntu 15.04 Beta 1. The download reached about half, then I decided to call Orange customer support on 8902.

The lady told me to restart my Fibre Livebox. My connection went back to 10Mbps.

I had already lost about 1GB of data on 1Mbps since the morning. She says I need to restart my Livebox at the beginning of each month because they update on their side and I need to do the same at home. But they deduct from my data allowance automatically; that is no problem for them.

UPDATE:

https://www.facebook.com/photo.php?fbid=10210078306587188&set=a.1457356646900.61743.1622890382&type=3

WTH Orange?

MyT LaFibre (10Mbps limited at 50GB monthly)

Terms:
B: byte = 8 bits
Mb: megabit = 1024 * 1024 bits
MB: megabyte = 1024 * 1024 bytes = 1024 * 1024 * 8 bits
GB: gigabyte = 1024 MB


It's been more than a month now since I started using Orange's (Mauritius Telecom) fibre connection at 10Mbps, i.e. you download at about 1MBps. Since I usually use peer-to-peer downloads (torrents), I can say that if there are enough peers, most of your downloads will run at that speed. If you use file sharing websites, then the speed limitation might come from them 😉

10Mbps is more than enough for me. My HD video content downloads faster than I can watch it. A 700 MB Ubuntu ISO takes 10 minutes to download. A 1400 MB 1080p .mkv video takes about 20 minutes. I can download sequentially and watch as it downloads. Why would I want a 100Mbps connection right now?

The Catch?

The 10Mbps is only applicable to the first 50GB of traffic. Yes, both download and upload count towards it. I think at the beginning of the month I saw about 54GB in the customer section on Orange's website, but that's it. Being a responsible torrent user is harder. I usually seed to a 1.10 ratio; now I have to wait until the 50GB is over to seed unlimited till the end of the month.

50GB is used up in 15 days.

My mom and sister are heavy “youtubers”. I had to tell my mom yesterday to limit watching her serials to extend the high speed time. 50GB is really not enough for a regular family usage.


No 2Mb/s for local and youtube when package is over

When your 50GB ends, you go down to 1Mbps. Seriously? Make it 4Mbps at least!

WiFi weaker

I noticed the WiFi signal is a bit weaker than the previous ADSL modem. Anyone else noticed this?


Online Gaming
I usually play League of Legends online. I found my ping to be almost the same. Nothing to note here.

Conclusion

10Mbps is the perfect speed to have in 2015. But the data limit is a deal breaker. It is torture. You don't feel "free" anymore.

You start wondering whether it is really important to download this right now. I think I would have preferred 5Mbps unlimited throughout the month rather than 10Mbps for 50GB and 1Mbps afterwards. Anyone with the same opinion? Ideally, we should all have 10Mbps unlimited!

The Timestamp

No one stores age in a database. Age is a derived attribute; we usually store a person's date of birth instead.

As a noob, I defined the dob field as INT(10) (a Unix timestamp) in my database. To select e.g. users between 18 and 25 years old, I'd run the following SQL query:

SELECT *
FROM users
WHERE dob <= UNIX_TIMESTAMP(NOW() - INTERVAL 18 YEAR) AND dob >= UNIX_TIMESTAMP(NOW() - INTERVAL 25 YEAR)

It worked fine until I realized that it would not work for people born before 1970. PHP's strtotime() function was returning a negative number as the timestamp, which is correct, but the DB would refuse to store it since the column was INT.

After some more googling, I came to know that I should have used the DATE type.

After that, everything was solved:

SELECT *
FROM users
WHERE dob <= (NOW() - INTERVAL 18 YEAR) AND dob >= (NOW() - INTERVAL 90 YEAR)

The advantage now is that the stored value can be POSTed from an HTML5 date input and used as the field value directly.
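The two points of the post, that pre-1970 dates of birth give negative Unix timestamps and that an ISO DATE column makes the age-range query straightforward, as an added example that is not part of the original post. It uses SQLite's date() modifiers in place of MySQL's NOW() - INTERVAL syntax, and the sample users are constructed.

```python
import sqlite3
from datetime import date, datetime, timezone

# Constructed sample data, not taken from the original post.
SAMPLE_USERS = [
    ("alice", "1960-05-20"),  # born before 1970: Unix timestamp is negative
    ("bob",   "1992-01-15"),
    ("carol", "1996-12-31"),
    ("dave",  "2010-03-03"),
]


def unix_timestamp(iso_date):
    """Seconds since the epoch for midnight UTC of an ISO date (negative before 1970).
    This is the value an INT dob column would have to hold."""
    d = date.fromisoformat(iso_date)
    return int(datetime(d.year, d.month, d.day, tzinfo=timezone.utc).timestamp())


def build_db():
    """In-memory table with dob stored as an ISO 8601 date string (SQLite's DATE)."""
    conn = sqlite3.connect(":memory:")
    # ISO dates sort lexically in chronological order, so <= and >= work directly.
    conn.execute("CREATE TABLE users (name TEXT NOT NULL, dob TEXT NOT NULL)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def users_between(conn, today, min_age, max_age):
    """Names of users aged min_age..max_age inclusive on `today`, derived from dob.
    Equivalent to: dob <= today - INTERVAL min_age YEAR AND dob >= today - INTERVAL max_age YEAR."""
    rows = conn.execute(
        "SELECT name FROM users "
        "WHERE dob <= date(?, ?) AND dob >= date(?, ?) "
        "ORDER BY name",
        (today, f"-{min_age} years", today, f"-{max_age} years"),
    ).fetchall()
    return [name for (name,) in rows]


if __name__ == "__main__":
    print("1960-05-20 as timestamp:", unix_timestamp("1960-05-20"))
    db = build_db()
    print("18-25 on 2015-03-01:", users_between(db, "2015-03-01", 18, 25))
```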