The Haphazard Blog

Technology

Apple Response to iTunes/App Store Hack Seems Dubious

by on Jul.07, 2010, under News, Technology

Over the long weekend, there were reports that iTunes accounts were hacked and fraudulent purchases were made in iTunes and the App Store. Most notorious was a single author having a lot of his books in the top 50 in iBooks. Yesterday, Apple responded with the following:

The developer Thuat Nguyen and his apps were removed from the App Store for violating the developer Program License Agreement, including fraudulent purchase patterns.

Developers do not receive any iTunes confidential customer data when an app is downloaded.

Engadget also reported that roughly 400 iTunes users were affected by this. To me, all of this does not make sense. I still have questions, and as far as I can tell, the press has taken Apple’s word and moved on to other things.

  1. How was a developer able to make fraudulent purchases on other users’ behalf?
  2. Is Apple implying that Apps this developer made were able to do this? If so, what have they done to prevent other developers from doing the same thing? Have they issued a remote kill on his Apps? This would seem to be a very big security issue. (Also, some of the people who reported the fraudulent activity claimed they never purchased anything from that developer).
  3. If they aren’t implying that, what other mechanism was used by this developer?
  4. Apple’s own PR says that over 1.5M books were downloaded in the first 28 days. Since then, over 2M more iPads were sold. It took only 400 iTunes accounts to push 42 books into the Top 50? On the surface, it seems like a very low number of books (assume 400 copies of each) to take over the Top 50. Are sales for popular books that low?

I hope people out there are doing some more digging on this and not just taking Apple’s statement as the full story.

Leave a Comment :, , , , , more...

It’s Called the Referer!

by on May.22, 2010, under News, Technology

Yesterday, the Wall Street Journal published a story about a “Privacy Loophole” in many social sites. I’m not sure if they just wanted to pile onto the the whole privacy fire or if they really don’t quite understand what it is.

The bottom line is this is nothing new. It’s called the Referer (I do know this is spelled wrong, but somehow this is how it was spelled in the actual standard) and it is very simple. It is part of the standard that is essentially the basis of the “world wide web”. When you click a link, part of the information that is sent to the site that link points to is the address of the page where the link originated. So when anyone clicks the link to the WSJ article in the previous paragraph, the people at the WSJ will know how you arrived at that article.

This is how I know ~75% of the traffic to my site is from Google searches. So, if I’m on my Facebook homepage (http://www.facebook.com/jhgandhi) and I click an advertisement (it has to be a direct link to the advertiser’s site) they will know where I came from and could visit my facebook page (of course, they’d have to be my friend to see more than basic information).

The simple solution (which Facebook and MySpace implemented quickly) is to just have the ads link to a page on their own site that then redirects to the advertisement’s site.

This “loophole” is everywhere a page with personally identifiable information links to another page. It has been around since 1990. Other information a web site gets includes your IP Address (can be used to get a rough location), what Operating System (Type and Version) you are running, what your screen resolution is, what fonts are installed on your machine, what browser you are using and a bunch of other things. This site has a good summary of what it can capture when you visit their site (this site will read all of the information that you transmit and display it to you).

It is good that they published the article, but it comes across as somewhat sensational when it is something very common all over the web. It likely took only a few minutes for them to make the changes to their ads so that the potential for people to use the referer is eliminated. So remember, when you click a link from my blog, wherever it takes you, they could find out you read my blog. :)

Leave a Comment :, , more...

Migrating From a Single Disk to New RAID 1 (Mirroring) Array

by on Apr.27, 2010, under Computer Hardware, Technology

It took some data loss for me to finally move to RAID. I was backing up my data to DVD every week or 2 and I was pretty comfortable doing that. My bigger problem with the hard drive failure was the amount of time I had to spend to reinstall the OS and all my applications to get back up and running. So I lost a little bit of data, but had to spend 2 days diagnosing the failure and rebuilding a machine to get back to work (since I work from home, I’m pretty much my own IT department).

My new machine came with a single 250 GB HD and my plan was to move to RAID by adding a second drive. That procedure would’ve been fairly simple. Install the new drive, launch the RAID software (in my case, Intel Matrix Storage Manager because my Precision T5500 has an Intel ICH10R southbridge) and create an array. Instead I got two 640 GB drives to replace my primary drive. This is where I was not sure what to do to migrate to RAID 1. It turned out to be pretty simple, but I thought I’d outline the steps here.

  1. Write down the serial numbers for the drives and keep track of which drive is which (this may be the only way you will know which drive is empty and which has data when you create a RAID array, for me my drives were the same model and capacity, so the only difference was the serial number)
  2. Install one of the new drives and use the software from the drive manufacturer to clone the drive (my new drives were made by Western Digital, so I used Acronis True Image WD Edition)
  3. After the cloning procedure is completed, remove the old drive and install the new drive as your new primary drive and verify that you can boot into Windows
  4. Install the second drive in your machine, boot up and launch the software that manges RAID (in my case, it is the Intel Matrix Storage Console)
  5. Follow the instructions for your software to create a new Array (in the Intel Matrix Storage Console, Actions->Create RAID Volume from Existing Hard Drive)
  6. Creating a RAID 1 (Mirroring) array should be straight forward (select the source drive, select the drive to mirror to and accept the risk that the data on the second drive will be destroyed)

All in all, it took just a couple hours to do everything (most of that time was spent letting the PC copy the data) and while I didn’t, with the Intel Matrix Storage Console, I could also keep using the PC as it created the array. Also, I still back up my data to DVD every week or 2 because it is still possible that both drives could fail. I’m only treating this as a time saver in the event of a hard drive failure.

Leave a Comment :, , , more...

Four Sticks of RAM in Triple Channel Mode

by on Apr.24, 2010, under Computer Hardware, Technology

The machine I have has an Intel 5520 chipset (enterprise equivalent of the X58) and Intel Xeon 5500 series CPU (enterprise equivalent of the Core i7 series). It came with 4 GB or RAM installed as four, 1 GB sticks. The chipset is designed to run in triple-channel mode, so the ideal way to install RAM is with 3 matched sticks at a time.

I wondered what happens when you install 4 sticks in the machine with 3 sticks filling one set of channels and the other stick installed by itself. In my case, because I am running 32-bit Windows XP, I can only address 4 GB of memory. This is an important limitation for me because between my video card (512 MB of RAM) and other devices, it leaves me with 2.93 GB of addressable space for RAM. That means I can remove 1 GB and still have the same amount of RAM.

I ran benchmarks with SiSoftware Sandra Lite and Lavalys Everest Ultimate to run synthetic memory benchmarks. Here are the reults:

4 vs 3 Sticks of RAM

The maximum bandwidth went up significantly under Sandra by removing 1 stick. Under Everest, the numbers remained close with 3 sticks edging out 4 sticks in 2 tests and losing out in 1 test.

So in the end, I pulled 1 stick out of my machine. I had the flexibility because I can’t use the full 4 GB regardless so I might as well take the performance improvement. Things will get interesting later this year (hopefully) when I upgrade to 64-bit Windows 7. The simplest solution would be to buy 6 GB (2 x 3GB).

Leave a Comment :, , , , more...

You Suck Apple

by on Apr.13, 2010, under Computer Hardware, Technology

My wishlist was worthless. Actually, it was more than worthless. I had assumed it was a given that the refresh would have Intel Core i3, i5 and i7 chips and the 13″ MacBook Pro had no such upgrade.

So, my tally: no higher resolution display, no RGB backlighting, no blu-ray, no USB 3 and the same weight.

What did Apple do?

  • Sped up the CPU from 2.26 GHz to 2.4 GHz and left it a Core 2 Duo, one whole speed bin!
  • Doubled the RAM from 2 GB to 4 GB
  • Increased the hard drive size (160 GB to 250 GB)
  • Upgraded the video processor

Every upgrade on that list is useless to me. It’s barely faster. You can buy more RAM for a lot less from anyone but Apple. I was going to get a smaller hard drive (SSD, faster and silent). Not sure what impact the upgraded video would have (I didn’t plan to play games on it and the UI seemed plenty snappy when I played with one at Best Buy).

I shouldn’t be shocked by this. Maybe they’d rather I buy an iPad? That will never happen. If I get a Windows 7 laptop, it’ll be years before I consider a Mac again.

Leave a Comment :, , more...

New MacBook Pro Wishlist

by on Apr.12, 2010, under Computer Hardware, Technology

It’s been a long time since I really used a Mac. Probably going back to grade school and using it for things like Print Shop, games and talking to other students at other schools over 300 baud modems.

I thought about getting a Power Mac a couple years back around the time Apple switched to Intel chips. The most appealing part of OS X was it was built on a Linux core and that provided a very good foundation. Developers (mostly non-Windows) were using it and really liked it.

My laptop is now over 5 years old and it’s about time to get a newer one. I’ve been waiting for the new MacBook Pros to come out for a while. Rumors are they are coming tomorrow. Without an event planned, I wouldn’t expect to see any major changes. With that in mind, I’d like to see the following in the new 13″ MacBook Pro.

  • Higher resolution, 16:9 display instead of 16:10
  • RGB LED instead of White LED backlighting
  • Blu-Ray drive
  • USB 3
  • Lighter (< 4 pounds)

The upside to no major redesign is I’d avoid what seems like early adopter problems that plague Apple. Also, I hope they fix their problem with 3rd party SSD drives (although I’d get an Intel one anyway).

All in all, I want a light and silent laptop. If this refresh is crappy, I’ll be giving the Dell Vostro V13 a hard look. I thought I’d see a lot of people try and turn them into Hackintoshes by now. Why hasn’t anyone tried?

Leave a Comment :, , , , more...

Visual Studio 2010 RC Installation Problems

by on Mar.21, 2010, under Software, Technology

I had trouble installing Visual Studio 2010 Professional RC on Windows XP last week. My issue was when I was running the installer, it would start a little bit and then the installation dialog would just exit. Looking at the log files from the installation (located in your user account’s temp folder, usually C:\Documents and Settings\User Account\Local Settings\Temp) didn’t really point to a specific cause.

I was able to install it by using the following command from within the setup folder at the command prompt:

setup /q /full

This ran the installation from the background, but be warned, it will cause your machine to automatically exit applications and reboot. In my case, my machine rebooted twice and after the second time, it was about 30-45 minutes before the installer was done (I could only tell by monitoring the task manager and the setup.exe process along with the constant creation of msiexec.exe processes). Unfortunately, Visual Studio would crash constantly (with no error) when I moused over the Toolbox.

Finally, I came across something on the MSDN boards. I wasn’t having the problem the person who posted the question was having, but this took care of my problem. I also suspect if I did this first, I would’ve been able to use the installer normally. The solution is to disable handwriting support. Since I don’t have a tablet, I didn’t need it (I don’t know why it was enabled in the first place).

  1. Open the Control Panel
  2. Choose Regional and Language Options
  3. Go to the Languages tab
  4. Click the Details… button in the Text services and input languages pane
  5. Under Installed services under the Settings tab, Remove Handwriting Recognition
  6. Click OK
  7. Click OK

As I was getting the link to the RC when writing this article I saw there was an important note posted on the site:

Important Note: If you use IntelliSense on a device with UIA 3.0 (e.g., Tablet PC, touch display, some 3rd party applications), be sure to download these two hot fixes before using the RC (KB980610 and KB980920).

Installing those may also prevent the errors while maintaining handwriting recognition support if you need, but I’m not sure. I ignored those downloads at the time because I don’t have a tablet.

Leave a Comment :, , , , , , more...