Rodiq » Posts for tag 'Software'

data security and IT organization

Lately, on various occasions, I have needed to access, with good intentions, a number of databases and configurations, with the owners' consent, but not necessarily with the help of those who made the initial settings.

What I noticed:

- sometimes everything is very well set up: IT is handled by a single competent person who logs in once every few weeks just to see whether everything is in order, or by an entire department that is at the office all the time

- or it is very easy to solve everything, because all the equipment / databases have been left configured with the “factory” settings

- or people changed the settings but lost the passwords … here, luckily, intuition helps.

Obviously there is also the case of networks in which absolutely everything is blocked on principle, whether it is needed or not, you never know … but I personally encounter this case more rarely; more precisely, I consistently avoid it.

The sad truth is that, except for a few cases, in the great majority of the situations I encountered, people rely, without realizing it, on a very vulnerable and very inefficient IT system. A single virus-infected computer or a password left at its initial value makes access to information child's play. Sadder still is that after you manage to access this information relatively easily, you have to justify it somehow; people then feel very vulnerable and their natural tendency is to attack you, although it is not your fault that you discovered a huge vulnerability. Even sadder is that, practically speaking, once a technical person has access to an IT system for a few minutes, it is usually very easy for them to transfer data, but without access no major technical problem can be solved. And truer still is that a disgruntled employee is much more likely to leave with data than a technician who at one moment or another had access to the system.

What I did like, however, was when:

- I came across the case in which the IT person apparently had nothing to do, because everything was running smoothly (this, I believe, is the sign that the right person is in IT: although they seem to have nothing to do, they are in fact an experienced and super-organized person who most of the time foresees problems before they occur or, if they do appear, solves them before the users notice).

- I also came across a few cases in which all the passwords (computers, servers, routers, databases etc.) had been changed and, above all, management kept safely stored a notebook with all these passwords written down in an orderly way. The story of the admin who left and nobody knows any password anymore is, I suspect, very familiar to everyone, and this solution seems to me the most elegant.

However, I saw only very few snappy desktop computers (probably freshly reinstalled). I suspect that the great majority have got used to the slowness of Windows, loaded with viruses and the accompanying antiviruses, and do not even realize how fast everything could run on an Ubuntu Linux desktop, for example. I am waiting for the moment when bosses realize how much precious time people lose waiting and waiting and waiting for the computer to respond to commands. Much like the time a Bucharest resident loses in traffic, compared with the 10-20 min a resident of Paris spends to cover the distance between any 2 points of the city.

The subject is vast; I have touched on only a few aspects that seemed to me of great interest to everyone. The treatment applied is, I admit, simplistic but practical; besides, this is not a field in which I am a specialist, I have just seen a few good things and a few bad things, in different contexts, and made some connections.

hibernate level 2 jboss cache

After struggling through a maze of documentation about jboss treecache, here are the things I would have liked to read somewhere, but found out by trial and error (and with the help of Adi and Len, thanks again!):

- to configure a cache for hibernate, the best documentation and source of jars is www.hibernate.org – they struggled to determine a good combination that just works

- in the exact release of hibernate you are using there are the jars for all recommended caches (ehcache, treecache, oscache etc.) and a short file explaining what jars you need for each cache

- a comparison between all caches is found here in the hibernate documentation:

http://www.hibernate.org/hib_docs/v3/reference/en-US/html_single/#performance-cache

For me treecache was the only option, as I needed a “cluster safe” solution. Ehcache documentation mentions a distributable feature, but apparently (as it results from hibernate documentation) ehcache in combination with hibernate is not quite cluster safe.

As I tested with jboss, I downloaded exactly the hibernate version that came with my jboss, and took only jgroups.jar; the jboss-cache-jdk50.jar was already available and I did not copy jboss-cache.jar (I searched for the hibernate jar in the jboss installation and looked at the manifest to find the exact version, then downloaded the full release of that version from hibernate.org).

My mbean configuration in hibernate-services.xml (the equivalent of a hibernate.cfg.xml):

<attribute name="CacheProviderClass">org.hibernate.cache.TreeCacheProvider</attribute>
<attribute name="QueryCacheEnabled">true</attribute>
<attribute name="SecondLevelCacheEnabled">true</attribute>
<attribute name="StatGenerationEnabled">true</attribute>
<attribute name="UseStructuredCacheEntriesEnabled">true</attribute>

The treecache.xml contains the specific cache configuration, I copied it without any change from the etc directory of hibernate release (it is the “pessimistic” configuration) into my .sar root.

Good, after all this, it just works, but do not expect any miracles, in order to actually use the cache, you should make changes in your code and hibernate mappings, as explained in the hibernate documentation. These changes may be particular for the cache you installed, for instance “read-only” usage is not supported by treecache, “transactional” is recommended.

In the class mappings the cache attribute is required for the objects that will use the cache:

<class name="..." table="...">
  <cache usage="transactional"/>
  ...
  <bag name="children" table="..." inverse="true">
    <cache usage="transactional"/>
    <key column="PARENT_FK" />
    <one-to-many class="...."/>
  </bag>
  ....
</class>

The queries that should have the results cached need to be marked as such (and the query cache should be enabled in hibernate configuration):

// create the query first, then mark its results as cacheable
Query query = session.createQuery("...");
query.setCacheable(true);
query.list();

Hope it helps, I still stick to my opinion that using a cache is a final option, it’s always better not to need it…
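One way to check that the setup described in this post is actually serving results from the cache, using the counters that StatGenerationEnabled turns on. This is an added example, not code from the original post: the class name `CacheCheck` and the method `runTwiceAndReport` are hypothetical, the HQL string is supplied by the caller, and it assumes the method is called where a transaction is already active, as the “transactional” usage expects.

```java
import org.hibernate.Session;
import org.hibernate.SessionFactory;
import org.hibernate.stat.Statistics;

// Hypothetical helper (not part of the original post).
public class CacheCheck {

    /**
     * Runs the same cacheable HQL query twice, each time in its own Session,
     * and returns the cache counters Hibernate collected for those two runs.
     * Statistics must be enabled (StatGenerationEnabled=true in the mbean).
     */
    public static String runTwiceAndReport(SessionFactory sf, String hql) {
        Statistics stats = sf.getStatistics();
        stats.clear(); // start from zero so the counters reflect only this run

        for (int i = 0; i < 2; i++) {
            // a fresh Session each time, so the first-level (session) cache
            // cannot be what answers the second execution
            Session session = sf.openSession();
            try {
                session.createQuery(hql).setCacheable(true).list();
            } finally {
                session.close();
            }
        }

        return "query cache: hits=" + stats.getQueryCacheHitCount()
             + " misses=" + stats.getQueryCacheMissCount()
             + " puts=" + stats.getQueryCachePutCount()
             + " | second level: hits=" + stats.getSecondLevelCacheHitCount()
             + " misses=" + stats.getSecondLevelCacheMissCount()
             + " puts=" + stats.getSecondLevelCachePutCount();
    }
}
```

If the query cache hit count stays at 0 after the second execution, the query is not being served from the cache, which usually points back to the configuration or to a mapping that lacks the cache element.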

Intrepid Ibex – the review

I was waiting for a long time for this new version, especially for the new sound card drivers on my laptop (dell latitude d820), the quality of sound was bad, and with ubuntu 8.10 it is now impeccable.

As I had only a few hours available, but had seen in Len’s post that the upgrade does not take that long, I gave it a shot, and it was the fastest upgrade ever.

The method:

- backed up all my data on an external hard disk (/opt, /etc, /home/)

- backed up my email from evolution (the option: File->Backup settings->Save, to restore File->Restore settings). This worked like a charm and for me was a big step forward, as I usually spend half a day to restore my emails (I have about 2 giga of emails in more than 30 folders and 40 email filters … ).

- installed ubuntu from the cd

- used Len’s steps to restore tomboy’s notes, pidgin, mozilla, ssh keys, also restored from hdd my data (/opt, other applications/documents) and of course my email, after which I hurried to install spamassassin

- installed native nvidia drivers and other packages like acroread, firefox plugins, gqview, skype, googleearth, audacious, lastfm, ssh, openvpn, mplayer, emacs. But first I installed medibuntu, a repository of packages that cannot be included into the Ubuntu distribution for legal reasons, more details at www.medibuntu.org.

I am very happy with the upgrade, now I have:

- excellent sound quality

- nice graphic effects that actually work (I tried to use them in previous versions, but I disabled them as they seemed to use too much computer power)

- to make the transformation complete, a nice new background from interfacelift.com

a nice theory about google

I was thinking these days, as for us Romanians it is more visible now that everything has an end, from the real estate boom to Microsoft power, that Google is the new Microsoft, having more than 80% of the search market on the net, and I thought it is bad, even though they do not show big signs of monopolistic behaviour.

And then I had a “revelation”. That for Google, the clients are not the people searching the internet, but the companies that use the internet for advertising. But companies also use television, radio, newspapers, street posts for advertising. In fact the list is infinite, each day a new method is invented. Google cannot say: we rule the world, if you want to advertise, you must pay 10 euros per click, because the companies will say: you are too expensive, a tv spot will do better.

So maybe they cannot be a monopoly after all?