Saturday, 21 May 2011

I missed the Rapture. Again.

I just have to add my 2c worth on the Harold Camping Rapture prediction since nothing much happened today, well certainly not anything like the 'return of Christ'. Some of us think He is around all the time anyway so that doesn't make a lot of sense really.

Here's a little thought experiment.

The Rapture happened in 1998. Only about 20 people went and they're on various missing persons lists around the world. Most of them were Buddhists, so it came as a nice surprise for them. For the rest of us, well, we're still here and we have to put up with what we have. Fortunately that's not too bad. How would you disprove this?

But, even stranger, the earth was created in 1922, 28 September, 18:02:23. I can do numerology too, you know. It appeared with the rest of the universe fully formed. The people who were instantly created then were loaded with 'memories' that convinced them they had been around for a while. This is similar to the dinosaur bones being buried to make the earth look far older.

Yes, this is complete nonsense, and impossible to disprove as well.

Today's prediction was accompanied by people offering to look after your pets if you were taken. The carers are certified atheists and regularly blaspheme to ensure they'll stay behind. But how do they know your dog won't get Raptured as well? There's no evidence either way on that, I think. And I wouldn't be so certain the atheists (like the Buddhists) won't get a surprise on the day. A lot of people seem to miss the 'saved by Grace' bit in the Bible. It's actually the most important bit. But it is not a way to get anyone to do what you want, so it is often overlooked.

Still, we're still here, so far anyway. Mrs pointed out that the prediction probably didn't take into account the lost 11 days in the calendar. So maybe we should wait 11 more days. Or not.

I'm frantically working towards a trip to Thailand next week. Mrs also pointed out that maybe we should check they are still there before heading out. Maybe it really was Buddhists who get Raptured.

Wednesday, 18 May 2011

Mac Defender is malware but not a virus

You're walking along a dark alley.
"Psst, wanna try some of this?" The stranger is holding a hypodermic needle and you can see some green fluid in the vial. "It's real good."
"Oh, sure, why not." You hold out your arm.

With just a little more social engineering this is what people are doing to get the latest Mac 'virus'. Of course it is called a computer virus but it isn't. If you got ill after accepting the shot of green fluid you couldn't say you caught something 'accidentally' which is how you'd catch a cold. You did something really dumb and suffer the consequences.

Strictly speaking the 'Mac Defender' (it goes by other names as well) is a Trojan that relies on social engineering. This is a fancy way of saying that the bad guys convince you to install it by pretending it is something else and then you are screwed. Trojan is from Trojan horse, which was a horse statue the Greeks gave to the Trojans, but they filled it with soldiers first. When the Trojans took it inside their gates the soldiers jumped out of the statue and attacked. The rest is history.

Mac Defender pretends it is from Apple, which is certainly not Apple's fault. I'm not a fan of Apple but they are squeaky clean here. People download this thing, install it, give it their root password and then find it insists on showing porn images at random moments (inevitably the worst moments, of course) and claiming there is a virus on the system. They then ask for money to remove it. There's a suggestion that if you actually give them a credit card they always say it didn't work and ask for another, taking the details though.

But this is very, very different from the other ways you can get malware.
  1. Worm. This is when something out on the internet finds an open port on your machine and slips in. You didn't do anything, other than leave a port open, it just crept in when you weren't looking.
  2. Dumb Trojan. When you think you're just opening an email attachment or browsing to a URL and in behind evil stuff happens.
In both of those cases you could reasonably assume the computer would protect itself. In the Mac Defender case you actively overrode all possibility of the machine protecting itself, which is quite different.

Operating systems like Mac and Linux are based on Unix which have some inbuilt protections that make it very, very hard for malware to break in as Worms or Dumb Trojans. We have to accept that the odd security bug in the operating system will arise (and will be quickly fixed) but it is generally true that Unix based operating systems do not see this kind of malware.

It is not the case with Windows which is lacking three advantages Unix has.
  1. The execute bit. To be executable a program file must have the execute bit set. This is not set by default on, say, attachment files that you save. This means that malware code has to figure out a way to get you to set the bit, usually manually, so you have to know.
  2. Root access. Unix has a strong separation between the privileges of the admin or root user and the rest. People don't normally run as root unless they really have to because, say, they are installing software. So just running some program either from a network port or from your desktop is limited in the amount of damage it can do. Malware writers find these limitations boring. They want to trick you into giving them root access. Again, that's going to be a manual thing you know about.
  3. The distros. Unix software typically comes from packages distributed by distros rather than downloaded from random sites. It is unlikely that malware gets into these distros, but if it did it would be cleaned out very quickly. For Windows users: the distros work a lot like Windows Updates but they update everything and install new software. Unix can do this because the software is generally free so it doesn't have to figure out how to charge you. I'm not sure what Mac's distro arrangements are.
But the only way to guard against malware like Mac Defender is to deny users root access to their own machines. This is why a lot of cell phones don't come 'rooted' by default, they don't allow you to be the root user. We already see this trend moving into tablets and maybe it will be found in laptops and desktops soon too.

Sunday, 1 May 2011

Schema Builder

Say you have an existing database. You access it with JDBC and you maintain it with SQL scripts.

Life is hard because you have to coordinate changes to the SQL with chages to the Java. This is why Hibernate and similar tools were invented. There are tools which will look at an existing database and build the right entity classes so you to can use JPA.

My experience with those tools has not been very good. But once you have the entity classes you can say those classes are the 'master' definitions of the database objects. You don't maintain SQL anymore, you generate it from those entity classes. You get all kinds of advantages with this which the Hibernate people can tell you about.

But you can go a step further. Say you decide that you would really like all your entity classes to have the @Cache annotation added. Say you want them all to have a specific toString() method. If you are using the entity classes as master you have a lot of editing to do.

Using an XSD file along with HyperJAXB3 to generate your entity classes means the XSD is now the master. For the @Cache and toString() cases you can just change the generation options and rerun the generation. This is very easy. You have a lot of other options around injecting standard code into your entities that you did not have before. Some of them (like toString()) may require you to write a JAXB plugin but most, like the @Cache, do not. This is because there are a lot of useful plugins already out there such as Annox and Madura Objects.

But you still have a problem. How do you get from your SQL database to your XSD file without writing it all by hand?

That's where you use schema-builder. It scans your database using JDBC and generates the XSD file you want. It figures out the OneToMany and manyToOne relationships based on the foreign keys you've set up already.
There are some restrictions:
  • Not all JDBC data types are supported, though the most common ones are.
  • ManyToMany relationships are not handled
  • We don't handle multi field keys.
  • Inherititance relationships are not detected.
 To get around the last three just generate the XSD and edit it. You should regard the generated XSD as almost correct but which needs tidying around those three points. To add more data types needs code changes, not hard but there are a lot of obscure data types and I just added the common ones.