Tuesday, January 28, 2014

Keys, Locks, and Public Key Cryptography

One of the things that I find dismaying is the lack of general understanding of public key cryptography.  This is an attempt to rectify some of that in simple terms, without math or talk of elliptic curves or very large prime numbers or random seeds, presented as an easy-to-comprehend familiar analog.

Assume first an unbreakable lock.  Yeah, I know, I just lost you.  In the physical world, there’s no such thing.  Every lock can be picked, or if not picked, then opened with bolt-cutters or worse.  Let’s ignore those things for the time being, just for the sake of getting our heads wrapped around how public key cryptography works.  I can explain the unbreakable part later.

For our unbreakable lock, we have a key.  This is the only key we have, and no one else has a copy of this key.  In order to ensure that no one else can open our lock, we must keep this key secret.  We must never let go of it, or share it, or hand it to someone else who can easily make a copy of it.  We can, however, back it up and make copies for our own use, as long as those copies are similarly never shared.  In order for us to trust the security of the lock, the security of its associated key is paramount.

Furthermore, let’s up the ante a little bit and assume that we’re in a bizarro fantasy world where you’re surrounded by people with photographic memories who really are out to get you.  You’re not just paranoid.  If you so much as use your key in plain sight, any one of them can, from memory, reproduce your key and open your lock, taking anything you wished to secure, including your own identity (in effect, they can pass themselves off as you and act on your behalf without your knowledge).

Your lock is then equivalent to a public key in public key cryptography.  You can show it to anyone.  You can pass it around, secure in the knowledge that it is unbreakable.  To protect something you need only secure it with that lock.

Let’s say you hand that open lock to someone else, so that they can send you something securely.  All they need to do is put what they’re sending to you in some container and close the lock.  They can’t reopen it, because they don’t have the key, only you do.  They know at the moment they close the lock that only you (or rather, only the holder of the key associated with that lock, whether that is you or not) will ever be able to open the lock and receive what they sent.

This is equivalent to asymmetric encryption.  The public part of the public/private key pair is used to encrypt something so that only the holder of the private key (the key that fits the lock) is able to decrypt it, even though the entity performing the encryption doesn’t have or need the private part.

There’s a healthy amount of skepticism in this bizarro fantasy world, though.  Many of its inhabitants don’t believe that lock is yours, and you are asked to prove ownership (incidentally, this is how you prove you own the Bitcoin you spend).  You can’t just wave your key in front of anyone, though, because as soon as you do all those photographic memories will go to work and everyone will be able to produce the key that opens that particular lock.  Instead, you have to prove that you own the lock without ever showing the key.

Easy enough…  you turn around and, making sure no one is looking over your shoulder, you open the lock.  Hide your key once more, and then display the opened lock for everyone to see.

This is how signatures work.  You have proven ownership of the private key associated with the public key, without ever showing the private key itself.
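The lock-and-key steps above, carried through in a toy textbook RSA as an added illustration (this is not code from the original post): encrypt closes the lock with the public key, decrypt opens it with the private key, and sign/verify prove ownership of the key without ever showing it. The primes, public exponent, sample plaintext and message are constructed here; the key size and the hash-then-sign step are demonstration-only, not a secure key size or a real signature padding scheme.

```python
import hashlib

# Constructed toy parameters: two Mersenne primes and the usual public exponent.
# Far too small for real use; they only make the mechanism visible.
P = 2**31 - 1
Q = 2**61 - 1
E = 65537


def make_keypair(p: int = P, q: int = Q, e: int = E) -> tuple:
    """Return (lock, key) = ((n, e), (n, d)): the public key and the private key."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # private exponent: the modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def encrypt(public_key: tuple, m: int) -> int:
    """Close the lock: anyone holding the public key (n, e) can do this."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("plaintext must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(private_key: tuple, c: int) -> int:
    """Open the lock: recovering m needs the private exponent d."""
    n, d = private_key
    return pow(c, d, n)


def _digest(n: int, message: bytes) -> int:
    """Hash the message and reduce it below n. This is a toy stand-in for a
    real signature encoding such as RSA-PSS."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key: tuple, message: bytes) -> int:
    """Prove ownership: only the holder of d can produce this value."""
    n, d = private_key
    return pow(_digest(n, message), d, n)


def verify(public_key: tuple, message: bytes, signature: int) -> bool:
    """Anyone holding the lock can check the proof without ever seeing d."""
    n, e = public_key
    return pow(signature, e, n) == _digest(n, message)


def demo() -> dict:
    """Run the analogy end to end on a constructed plaintext and message."""
    public, private = make_keypair()
    plaintext = 2**40                      # constructed sample plaintext
    c = encrypt(public, plaintext)
    claim = b"this lock is mine"           # constructed message to sign
    sig = sign(private, claim)
    return {
        "plaintext": plaintext,
        "recovered": decrypt(private, c),
        # Re-applying the public exponent, the only thing the lock holder has,
        # does not reopen the lock.
        "public_cannot_open": pow(c, public[1], public[0]) != plaintext,
        "signature_ok": verify(public, claim, sig),
        # A changed message fails verification against the same signature.
        "forgery_rejected": not verify(public, b"this lock is MINE", sig),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```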

Now, for the unbreakable part.  The reason our lock is unbreakable is that in public key cryptography we’re talking about a mathematical relationship between the public and private keys, through a cryptographic formula that is available for all to see and review.  This isn’t a simple mathematical relationship, but it is one that has been reviewed and examined by some of the very best mathematicians worldwide, all of whom have varying interests in securing this relationship or breaking it.  Those with a vested interest in breaking the relationship, or finding some algorithmic flaw that would allow the private key to be determined, reverse-engineered or brute-forced given the public key, have come up with nothing (so far).  Those with a vested interest in securing the relationship and coming up with something even better have been unable to (again, so far), and have posited that it would take more energy than is available in the universe to crack this code.  There is plenty of incentive to crack it: the person or people who could would then be able to single-handedly control and manipulate the world’s wealth and information.

Think about this, though…  Let’s assume that some moustache-twirling villainous type has found a flaw in the algorithm, and with dreams of unlimited wealth and power has decided to keep that information to him- or herself.  There are many others worldwide, who don’t share that villain’s desire or ideology, and who would be looking at those same algorithms with the knowledge to understand them and their implications, bent on preventing exactly that situation from occurring… outing the villain and at least rendering his plans ineffective by publishing information about the flaw and fixing it, if possible.  This has happened many times already, through RC2, MD5, DES, Triple-DES, SHA1, etc., just to name a few algorithms whose weaknesses have been found.

Even when the reward for cracking these algorithms is nearly unlimited wealth, power and control, on an individual level it’s far easier to get someone to show their private key through malware, key-loggers, screen captures, human error, misplaced trust, and the like; or simply beat it out of them.  All those photographic memories out there can then take a picture of it and steal your wealth, your identity, your life.  We, as people, are the weakest link.


Tuesday, December 10, 2013

What I know about Bitcoin, in a nutshell

I first heard about it December of 2012, when I was shopping for software I could use to convert some of my DVDs to local video files I could play on my laptop (falls into "Fair Use" under copyright law, and a hotly contested gray area under DMCA because of the encryption keys used to copy-protect DVD and CD content).

Anyway, I found a company that produced exactly what I was wanting (http://www.slysoft.com), tried them out and liked the results, and wanted to purchase their "bundle" of software.  Then I ran into problems.

I bank with a fairly small credit union, and have since '95.  As a small bank, they don't have the tolerance for risk and fraud that a lot of larger banks do, and so they don't allow international purchases using their debit or credit cards.  Slysoft didn't accept things like PayPal, and dealt primarily in Euros, but accepted Bitcoin and offered a 10% discount on top if you used Bitcoin.

So began the adventure... how do I get Bitcoin?  I just want the darn software!

So I did a lot of reading.  With the Euro so unstable at the time, many merchants (especially in the European Union, but elsewhere as well, such as Africa, Australia, and Canada) actually favored Bitcoin as a form of currency over traditional fiat.  (In fact, the experience of reading about the places that BTC was accepted and even favored as a form of payment reminded me of Watto's line in "The Phantom Menace" - "Republic credits are no good out here... I need something more real.").

I also came across a lot of posts describing Bitcoin as a "scam", "shady", "associated with organized crime, drug and arms dealers, and other illicit activity".  Inevitably, I ran across the references to Silk Road, an underground anonymous marketplace that sold drugs, arms, assassinations and mercenaries and whose only accepted currency was Bitcoin.

Still, it intrigued me.  The association with the criminal element didn't deter me, because even though the fact that places like Silk Road might have favored Bitcoin to get around government controls and national borders might have been "newsworthy", there are still many billions of dollars, Euros, Kroner, and other currencies associated with crime that is not (newsworthy, that is).  I'm sure most of your local drug dealers aren't yet trading pot or pills for Bitcoin, if they've even heard of it.  Cold hard cash, in whatever form, is still king in that marketplace.

And then there were the positives...  Wordpress (providing a range of blogging services) accepts Bitcoin, opening up the blogging platform to payments from users in countries not supported by PayPal or credit card providers, giving a global voice to those who would otherwise be unheard. Many other merchants and businesses followed suit, and consequently spread their reach to a global market.

So how fast could I get some Bitcoin?  After all, I just wanted my software fix from Slysoft.  (The irony of the name of the company that I wanted to purchase software from, "Slysoft", and the association of Bitcoin with the underbelly of society at the time was not lost on me.)

It turned out to be relatively difficult, as compared to PayPal or other payment processing systems I was already familiar with.  Most of the places I ran across, like BitInstant, didn't want anything to do with traditional banks or credit cards... you couldn't just "link your bank account" and proceed to buy BTC with it.

In hindsight, this makes sense now.  Transfers of BTC are irreversible.  There's no "chargeback" mechanism.  BTC favors the merchant, not the consumer.  The merchant needs to have cash in hand, verified funds, before they provide services (or goods, or BTC).  If something goes wrong, then it is up to the merchant and the consumer to resolve their differences; it is not possible for the consumer to simply call their bank and put a stop to or chargeback a payment with BTC.  There's no bank involved.  There's no central authority involved except the peer-to-peer blockchain (read that as "cloud" or "no single entity") and it can only confirm and verify transactions; at least, that is one of its primary purposes.

Fortunately, there are some honest merchants out there.  Unfortunately, there are some shady ones as well.  I have dealt with both in my experience.

By January 2013, I was convinced; BTC is going to be big (still am, by the way – reports that BTC could hit $10K, even $100K in the next few years are not exaggerated in my opinion).  Peer-to-peer, no government, no borders, no banks.  BTC is worth whatever someone is willing to trade for it (be it another currency, like Euros or dollars, or things like goods or services).  It fulfills the claim that it is a "store of value" and a "means of exchange".  It favors merchants by offering a direct exchange between consumer and merchant, without the overhead of most banks' and credit card providers' transaction fees.  The only "middle man" is the blockchain, the peer-to-peer (cloud) network that confirms transactions.  While it is possible to pay a "miner's fee" to have your transaction verified, settled and confirmed more rapidly, it isn't necessary or required.  Transactions themselves are as fast as an email or a scanned QR code, and settlement and confirmation takes place in between a few minutes to a few hours, rather than the days (business days, at that) in traditional banking.

This epiphany caused me to question the whole concept of "money".  The detractors claim that Bitcoin has no "intrinsic value" and that things like the U.S. Dollar do because they are backed by "the full faith and credit of the U.S. Government".  Hmmm...  I'm not sure what that means, exactly; I have little faith and don’t give them much credit.  We're not on the gold standard any more.  The U.S. government can create (and has created) trillions of dollars out of thin air and dumped them into the economy and called it a "stimulus package" (or “quantitative easing”), which has an inflationary effect of devaluing each of the dollars we already have, driving up prices.  Of those trillions of dollars created out of thin air, less than 10% are ever actually printed as U.S. legal tender... the rest are just numbers in a ledger (more likely, a computer).  Does that have intrinsic value?  Are those numbers somehow "better" than Bitcoin's numbers?  BTC's numbers are based on math and cryptographic algorithms.  I happen to trust that.  I can't quite say the same for our politicians or the lobbyists influencing them.  As for claims that the dollar is backed by "U.S. military might", I have long held the belief that our military no longer works for the will of the people, but rather for the politicians (and lobbyists behind them) that control their funding.  That is too bad, really, because I love those who want to serve our country and support them when and how I can, even if I don't support the actions and campaigns of the military at large.

And then there's gold.  BTC mining was modeled after gold.  Initially scarce, but relatively abundant (millennia ago for gold) and easy to find or mine.  Exponentially more difficult until you reach a point where every last bit has been mined and there's no more left to find.  It used to be possible to "pan for gold" as recently as the 1800's, but now gold mining ekes out a meager profit and requires vast resources to get into the business; the barrier to entry is now too great for the common man.  At this point, with nearly half of the total amount of BTC already in circulation, the same is (unfortunately) true of BTC mining.  Scarcity drives up gold's (and BTC's) value, resulting in a deflationary effect where the things you can purchase with it cost less relative to the value of the gold (or BTC) itself.  But scarcity alone isn't enough.  Adoption and utility play their own roles.  More and more merchants are adopting BTC as a "means of exchange", which is wonderful.  Robocoin is now making BTC ATMs, where the general populace can exchange BTC for fiat.  BTC can be sent/received via email, or using the open-source Bitcoin software, or minted into physical coins or printed on notes (each carrying the cryptographic keys necessary to log the transfer of funds on the blockchain).  You can even print a paper "wallet" and store it in a safe.  As smart phones are common, you can tap phones together or display a QR code on one read by the camera on another to transfer funds.  Utility is looking good.

Speaking of utility... A news story ran (reference, not the original story) when BTC value reached $250 where a man in Florida put this utility to a test, offering 10,000 BTC to have a pizza delivered to his door.  At the time of his offer, BTC's were still worth only a few cents.  A man in Europe took him up on the offer, and used his own credit card to call up the Florida man's local Papa John's and get the pizza delivered.  At the time the story ran, that exchange was worth about $250,000.00.  The Florida man was unperturbed, calling it a "good pizza".  At today's BTC value, that pizza was worth over a million dollars.  (This is not to say the Florida man should have hoarded his 10,000 BTC.  The utility of being able to purchase goods or services with BTC is important and should not be overlooked... hoarders will only limit that utility.)

Then there are the claims that it is a "pyramid" or "Ponzi" scheme.  I don't see it.  This requires late-comers to pay dividends to the early investors to keep the scheme going.  As the late-comers dry up, the scheme topples.  BTC doesn't work like that, though many people are taking advantage of the nature of mining a limited (and relatively unknown or undervalued) resource and its deflationary nature to buy as much as they can now and hold it in the hopes that its utility and adoption will increase the value of their own holdings.  That's just the nature of capitalism and greed.

Anyway, back to the quest.  I wanted Bitcoin, and in early January, I was convinced enough that I wanted a lot of Bitcoin; but I wanted it to be easy.

I signed up with Coinbase.  They allowed me to link my bank account, and I could purchase up to 10 BTC.  Except, I wouldn't receive them immediately.  First, they confirmed the link with two small deposits whose amounts I had to enter on their site; pretty standard, even for PayPal.  Then they had me wait until the funds from my bank had transferred, and were verified in their own account, before delivering my BTC.  This took 5 days (after the bank-link confirmation).  Before I could buy any more than the original 10, I also had to wait for my account to be "established" through a 30 day waiting period.  Grumble... easy, but not fast, and I don't like waiting.

I wanted fast.  So I looked into BitInstant.  The 'net claimed it was the fastest way to get Bitcoin, so I wanted to try them out.  I'm not stupid, so I first researched where they were (New York), who the owners and founders were, etc.  The guy running the thing seemed a bit sleazy to me.  I got the impression of a car salesman; but still, I decided to put a little trust in the reviews on the 'net and give it a try.  I took $403.95 to a CVS Pharmacy and used ZipZap to buy a cash transfer of $400.00 to BitInstant's address supplied by their site.  BitInstant charged a 3.99% fee and so I expected to receive around $384.04 worth of BTC at the current market rate (which was $14.25 at the time).  I also expected to receive them almost immediately... certainly within 24 hours.

This transaction at CVS with ZipZap took place 1/12/2013 at 10:31PM.  Glad I kept the receipt.

I waited... and waited.  I sent a support request January 13, asking about my order.  I knew the funds had been delivered.  That was confirmed through ZipZap.  I received no response from BitInstant (at least not immediately).

Time passed, and I involved myself in other endeavors, chalking up my experience with BitInstant as a "lesson learned".

In the meantime, my coins came through from Coinbase and after my 30 days I made a few more BTC purchases.  Now that my account was "established", I could purchase up to 10 BTC / day, and sell up to 50 BTC / day.

Coinbase is a hosted BTC "wallet", among the other services they provide to merchants.  I couldn't hold U.S. Dollars at Coinbase, and whenever I bought or sold BTC, the turnaround time was about 5 days (to receive the BTC, if purchased, or to receive the USD in my bank account, if sold).  Fortunately, the exchange rate is "locked in" the moment you perform a transaction, so you know exactly how many BTC you'll receive (on purchase) or how much will be deposited into your bank account (when sold).

I made my software purchase at Slysoft with BTC and was generally happy with both Coinbase and Slysoft.

I finally received a response to my support request at BitInstant on April 26, stating "We are working hard to process your order and resolve your problem.".  I hadn't given it much thought, but checking the exchange rate saw that BTC was then worth over $100 each (and I had purchased at $14.25).

Stephen Colbert ran a story on the "Colbert Report" shortly after, when BTC jumped to over $200 before settling back down to around $100 each.  I began to see BTC in the news, and knew that the Winklevoss twins (collectively, the "Winklevii", as popularized by “The Social Network”) had reportedly purchased $11M worth of BTC (about 1% of the BTC in circulation at the time).

This rekindled my interest, and I began to pursue the transaction I had placed with BitInstant back in January.  After going 'round several times through email exchanges, BitInstant delivered approximately 4 coins (4.05438166, to be exact) to my wallet, at the current market price in early May ($94.28).

This won't do.  I didn't buy them in May.  I bought them in January, and had the receipts to prove it.  Finally, and only after threatening legal action, I received the 26.95017543 BTC to my local BTC wallet that I was due on May 8...  My experience with a shady company...

...and promptly deposited them into Slysoft's wallet address by fat-fingering the recipient address on the transfer (I had actually been trying to send them to my Coinbase wallet from my local wallet).

Oops.

I sent a support request to Slysoft, asking for that BTC back (because I hadn't intended to send it there, or make any purchase).  Within a couple of days, their support staff confirmed that they had received the funds from my wallet address, that no purchase was associated with the transfer, and promptly returned the funds to me.  My experience with an honest merchant...

I then lost interest in BTC for a while and became involved in other things, until I happened upon a news story in November that referred to them and I decided to check the exchange rate.

BTC were worth more than $700 each when I checked.  The amount I had was now worth more than my retirement fund!

Wow.  Now, instead of a fun experiment, I began to worry about losing my money if it crashed.  I didn't see how it was sustainable at those prices.  The barrier to entry was rising steeply (or so I thought).  Fewer and fewer people would be able to afford one Bitcoin, let alone several (or several hundred).

Then I read stories and articles that indicated that this was expected; less a “barrier to entry” than a psychological limitation.  This was deflation at work, and BTC is divisible (currently) up to 8 decimal places (this is an artificial limit… it can be increased even further, but would require software changes), with .00000001 BTC regarded as a "Satoshi", and .001 BTC a "milliBitcoin" and .000001 a "microBitcoin".  People could still purchase these, and there were enough available that every man, woman, and child on Earth today could have about 300,000 Satoshi.

Instead of an economic problem, this was a marketing problem. "Point zero zero two seven five Bitcoins for your coffee, please" doesn't roll off the tongue easily, but "That'll be two seventy-five em-bees, please" does.  mBTC is the current milliBitcoin designator, and uBTC is the current microBitcoin designator.  You might also start seeing "XBT", which is the official ISO designation since alternative currencies start with "X".

Anyway, until things are rebranded and made more psychologically acceptable, I was afraid of a drop in the exchange rate, and therefore my current wealth.  I wanted something to preserve that, and Coinbase wouldn't cut it because to move from USD to BTC took too long (still 5 days, transferring between bank and Coinbase), during which time I would be unable to take advantage of market movements.

So I signed up with an exchange.  Two, actually.  There's Mt. Gox (which stands for Magic The Gathering Online Exchange ... seriously ... I'm not kidding ... belying its roots), which was early in the year the most popular Bitcoin exchange.  The difference between Coinbase and an exchange is that an exchange, like TD Ameritrade, Schwab, optionsXpress, etc., will hold both U.S. Dollars (or Euros, or whatever your local currency is) as well as your "position" (in stocks, or coins, or currencies, depending on the exchange and its markets), and trades between the two are nearly instant (well, instant upon execution of the trade, assuming that both a buyer and a seller exist).  Since BTC is (currently) largely unregulated, there have been reports of shady exchanges "fixing" prices and "driving" BTC prices for their own ends, and early on I avoided them.

I was surprised to learn that China had gotten into the BTC business and BTC-China was then (in November) the largest exchange by volume.  Recently (Dec. 3-5), the People's Bank of China came out with a statement banning Chinese banks from Bitcoin transactions (at least until they understood it and had regulations in place), although citizens and exchanges were still free to operate and exchange the currency.  The news announcement was followed by a sharp drop in the exchange rate, which had hit $1250 according to some reports.

Fortunately, I had already signed up with an exchange, moved my BTC in, and moved them to USD before the worst of the drop.  I expected BTC to crash and crash hard... like going back down to April's prices of around $100 each.  That didn't happen.  Over the past few days, BTC dropped to as low as $651, but then started rising again, much to my surprise.  As I write this, it is trading at $936.98.

Alright, but in late November I realized I didn't want to have to constantly monitor BTC prices to learn when to buy and sell, so I began looking around for some algorithm or program that could buy low and sell high, watching the market in the background and looking for trends to determine when and how to act.

I ran across "Butter-bot", which runs as a Chrome extension and hooks up to Mt. Gox (Japan), BTC-e (Russia), and Bitstamp (Slovenia).  It uses well-established Foreign Exchange (Forex) currency trading algorithms (exponential moving averages, or EMA's) that you can adjust to achieve the results you want.  Since these algorithms work on trends, they won't necessarily stop you from losing a lot of money during a rapid crash, or be able to take advantage of a rapid rise (if you're currently holding fiat), but those are the breaks.  You can enable or disable the bot if you happen to notice the market making rapid moves that you want to take advantage of.  Let me know if you're interested (they have a referral program).

The way I see it now, if the market drops, I gain BTC (if I am holding USD at the time).  If the market rises, I gain USD (if I am holding BTC at the time).  Either way, I gain something that has value and utility.

After researching the supported exchanges, Mt. Gox is on its way out.  Their exchange rate is typically higher than the other two because it is difficult to withdraw USD from them.  It might take four weeks, or never.  I have seen vague reports that they were somehow involved with Silk Road and used Dwolla to transfer USD, so during the FBI take-down of Silk Road, their U.S. bank accounts and holdings were seized pending investigation.

BTC-e reportedly has no such issues, but I simply don't trust the Russian government, so BTC-e is out for me.

Bitstamp, on the other hand, is interesting.  They have proactively learned the lessons from Mt. Gox, have implemented their own anti-money laundering and counter-terrorism policies.  They offer different ways to withdraw and deposit various currencies, and their exchange rate is typically slightly lower than the current rate reported from Coinbase.  Even if it is ever difficult to get USD out of Bitstamp (it isn't, but it requires a wire transfer, which might incur its own costs), I can always move BTC directly to Coinbase and sell for a rate that is usually slightly higher than that reported on Bitstamp.

Bitstamp it is, then, but I'm still researching their owners, background, business practices, the Slovenian government and any laws that might be in place to provide some protection or recourse for unforeseen events.


Friday, July 05, 2013

Moving from Windows to Linux

I am primarily going to use this blog over the next several months as a way to keep track of my progress (or lack of it) in migrating my home network from a Windows-based network (with some Xbox, iPads, iPhones and Android phones thrown in for good measure) to a Linux-based network.

The first machine I'm migrating is a Fujitsu Lifebook T901. It was running Windows 7, with a lot of games, media programs, and developer tools.

The intention is to get Ubuntu 13.04 (Raring Ringtail) installed (though any Linux-based system will work for my purposes), and get it up to a point where I can be as productive (and entertained) on it as I have been on Windows. As soon as that is installed, and because I'm likely to muck up the works after install, I need to image the system in a known good state; so that when I get myself in a situation I don't know how to recover from, I can simply repave the system back to my last good configuration and settings.

Hopefully, going through this migration process in a public medium like this will wind up helping others who are looking to migrate from Windows to - well - anything else.

Wednesday, May 15, 2013

Getting Hg-Git working on Windows 7 (64-bit) with TortoiseHg

Just posting in case I need to remember how to do this again.

I am using TortoiseHg at version 2.8 (Hg version 2.6).

Open a Windows Command Prompt as an Administrator, then:

hg clone https://bitbucket.org/durin42/hg-git "Path_To_TortoiseHg_Installation\hg-git"

The location of hg-git I got from the Mercurial Wiki, and on my system the Path_To_TortoiseHg_Installation is C:\Program Files\TortoiseHg.

For the next step, enabling the extension, the advice at ffuts.org/blog came in handy.  The first comment at the bottom did the trick.  Instead of updating your Mercurial.ini file with this line:

[extensions]
hggit = C:\Program Files\TortoiseHg\hg-git

When I tried this, I kept getting a “failed to import module” error when verifying the extension was enabled using the hg help extensions command.  The solution was in the first comment… instead of the above, point to the hggit directory inside the hg-git directory/repository, as follows:

[extensions]
hggit = C:\Program Files\TortoiseHg\hg-git\hggit

Once I made that change, everything started working and the extension was properly enabled.
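The “failed to import module” error above comes from pointing the extension at the cloned repository root rather than at the importable package inside it. The following is an added check, not part of the original post or of Mercurial itself, that parses the [extensions] section of a Mercurial.ini and flags any path that is not a Python package (no __init__.py), suggesting the package subdirectory when one exists. The directory layout it builds is a constructed stand-in for the cloned hg-git repository.

```python
import configparser
import os
import tempfile


def extension_path_problems(ini_text: str) -> dict:
    """Map each extension in [extensions] to a problem description, or None
    when the entry looks importable. Entries with an empty value name a
    built-in extension and are not checked."""
    cp = configparser.ConfigParser(interpolation=None)  # Windows paths contain no % escapes
    cp.read_string(ini_text)
    results = {}
    if not cp.has_section("extensions"):
        return results
    for name, value in cp.items("extensions"):
        path = value.strip()
        if not path:
            results[name] = None
            continue
        if not os.path.isdir(path):
            results[name] = "directory does not exist"
            continue
        if os.path.isfile(os.path.join(path, "__init__.py")):
            results[name] = None
            continue
        # The path is a directory but not a package: this is the hg-git case,
        # where the clone root was configured instead of its hggit/ subfolder.
        candidate = os.path.join(path, name)
        hint = ""
        if os.path.isfile(os.path.join(candidate, "__init__.py")):
            hint = f"; did you mean {candidate}?"
        results[name] = "not a Python package (no __init__.py)" + hint
    return results


def demo() -> dict:
    """Build a constructed stand-in for the cloned hg-git repository and check
    the failing and the working Mercurial.ini entries against it."""
    root = tempfile.mkdtemp()
    repo = os.path.join(root, "hg-git")   # what 'hg clone' produces
    pkg = os.path.join(repo, "hggit")     # the importable package inside it
    os.makedirs(pkg)
    open(os.path.join(repo, "README.md"), "w").close()
    open(os.path.join(pkg, "__init__.py"), "w").close()
    wrong = f"[extensions]\nhggit = {repo}\n"  # repository root: import fails
    right = f"[extensions]\nhggit = {pkg}\n"   # package directory: works
    return {
        "wrong": extension_path_problems(wrong),
        "right": extension_path_problems(right),
    }


if __name__ == "__main__":
    for label, problems in demo().items():
        print(label, problems)
```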


Thursday, April 11, 2013

Getting back in the saddle

I haven’t been blogging, obviously, in quite a while.  It’s time to take this up again.

So first, just a quick rundown of what I’m working on and the current issues of the day.

At home, I have been successful getting Mercurial up and running with IIS 7, though there are still some drawbacks in my current implementation that prevent me from taking what I’ve learned through this experience back to the workplace.  I am just using the built-in hgweb.cgi on IIS 7.5 currently, and that implementation does not include some functionality that I think developers would expect, such as being able to create a repository on the server, or even upload an existing repository.  I’ll need to address that before I can recommend this for corporate use.

I am also working on setting up an internal NuGet feed and gallery, which is coming along nicely.  I finally found a server at work where I can host the gallery and we already have plenty of space reserved for package uploads.

Additionally, I am close to perfecting a build process that will compile, strong name, unit / integration test (while also instrumenting referenced projects for code coverage collection), source index, publish symbols, create NuGet package and publish that, produce documentation via Sandcastle and create installers via WiX projects.

What would really be nice, on top of these capabilities, is a CodePlex/BitBucket/GitHub-like site to serve as a VCS/DVCS-agnostic project community site with Wiki’s, integrated task and defect tracking, activity reports and charts, etc.  I have heard about RhodeCode but I’m not sure if it can provide the functionality I need.

Wednesday, April 27, 2011

What Secure Code Means to Me

I’ve had the following idea rattling around my head for a while now, and I think it nicely and somewhat humorously illustrates the gravity of the situation and the importance of secure coding practices (and a secure development lifecycle).

The Story

Let’s say I’m a business user (Me) with a problem and I have a friendly IT team (Alice, Bob, and Charlie) willing to help me solve it.

The problem statement is this: “I’m getting nagged to death by my [partner|spouse|child|etc.]”, so I formulate the requirement “I want the nagging to stop.” and convey that to my willing and eager IT team.  The meeting goes something like this:

Alice: “Sure, we can do that.  It’ll be easy.  I’d give it one story point.  We can even put it in the current sprint so you don’t have to wait.”

Me: “Awesome!  Thanks a lot, you’re doing me a great favor.  I thought I’d never be able to solve this problem.  How can you come up with a solution so fast?”

Alice: “Oh, we’re going to use a cyanogen.  It’ll be quick.”

Me: (eyes glazed over at the technical term, regretting that I asked) “Alright, well, thanks again and I look forward to testing out your solution.”

Alice then promptly goes off and kills my partner.  Bob reviews the implementation and signs off on it because, well, it does meet the requirements quite effectively and, well – permanently. He may even give Alice a pat on the back for her elegant and ingenious solution.  Charlie, although he might have some reservations about Alice’s implementation, believes that it’s Not His Problem™, and if asked about it would refer you to Alice, because she wrote/executed the implementation.

A few days later it comes back to me for functional testing/user acceptance testing.  Like any good functional tester, I care that the requirements have been met, and don’t really understand or care about *how* they’ve been met.

Me: “Wow!  Whatever you guys did it worked wonders.  Thank you so much for this.  I haven’t been nagged at all in almost a week!  Of course, the car is missing…but anyway, that’s a different problem, I’m sure it’ll turn up sooner or later.  You guys are heroes.”

Alice: “Glad we could help, let us know if you need anything else.”

Of course, after a while a body (a vulnerability) is found and exploited by the police, landing me in jail for hiring my IT team to fix my problem.  I can explain and exclaim all I want that it’s Not My Fault™ and that I didn’t know that murder was involved, but the money trail doesn’t lie and I still hired my team to “fix my problem”.

The Moral of the Story:

Just because it works and meets all of the business requirements does not mean that it’s correct.

First Corollary:

Security testers care more about correct and appropriate implementations that protect the stakeholders from harm and losses.  The fact that the software works and meets its requirements is a bonus.

Second Corollary:

Software can easily be implemented incorrectly.  Correct implementations frequently take more time, analysis and attention to detail.

Monday, April 18, 2011

Git R Done

For some reason, I feel like I’ve been hyper-productive lately.  Justin seems to finally be getting his things in order and I’m helping him with his documentation requirements.  The secure coding curriculum that I’m helping to develop for my employer is moving forward at a fairly quick pace.  My chemotherapy has resumed and next steps are on my calendar, and I’m generally just ‘feeling good’.

I think part of it has to do with just being more organized and conscious of time management and putting my planned activities on my calendar (accounting for travel time as well).

I like this…let’s keep it up.

One thing that I think I could use more of is – wait for it – some sleep.  I was going non-stop from Friday at around 7am through Sunday morning at around the same time.  The 12 Starbucks Ventis, 2 Red Bulls and 3 Five Hour Energys throughout that period helped just a tad.  Caffeine works wonders.