Firefly & Serenity

Posted by Mike Haller on Sunday, August 29. 2010 at 03:50 in Private
I love the movie. If you do too, visit http://projectserenity.blogspot.com/ and sign the petition:

Online Petition

Patching Miranda to disallow version requests

Posted by Mike Haller on Friday, August 27. 2010 at 01:48 in Selfmade
Miranda is a well-known and open source instant messenger. It includes support for Jabber, which basically uses the Extensible Messaging and Presence Protocol (XMPP). The XML-based protocol allows servers to request certain information from clients.

Sometimes it is advisable to prevent software from automatically and quietly communicating and revealing certain information to others.

One of those questionable requests is used to gather information about the client software name, version and operating system (e.g. what would be called User-Agent in HTTP).

Visualizing Dataflow

Posted by Mike Haller on Monday, June 21. 2010 at 22:49 in Java
I've been playing around recently regarding visualization of dataflow in Java applications. It seems that there are tons of tools to inspect the control flow, but I had no luck yet finding something which can visualize the amount of data and the type of data flowing through complex systems.

Not being an AOP guru, I wondered if there was something else to use, something which is unobtrusive and can be applied to existing systems. The first thing I'm trying is Java's Debugging APIs, namely JDI, to automatically step through a program and record method entries.

A tale of a Tweet

Posted by Mike Haller on Tuesday, June 8. 2010 at 21:25 in Communities
What happens in the first minute after you tweet?

When you post an update to your Twitter status (engl. to tweet) which contains a URL, there is going to be some automated reaction from the network. Let's examine what happens after I've tweeted the following:



The first thing that happens, within seconds, is that Twitter's own bot (Twitterbot/0.1) performs a request to see if the URL is valid. The IP 128.242.241.133 is hosted at dedicatedserver.com, an NTT company located in San Jose. The data center seems to be the same one where Twitter itself is hosted. The bot does not retrieve the contents (it uses the HEAD method instead of GET), perhaps to resolve redirects from shortened URLs.

How to implement password policies using business rules modeling

Posted by Mike Haller on Saturday, May 29. 2010 at 13:34 in Work
We all know that passwords ought to be strong - strong enough to withstand common attack vectors, such as brute-force dictionary attacks or plain guessing. Most software systems with identity management also incorporate some kind of password policy enforcement and their configuration options (here, here, here and here).

There are even commercial standalone tools focusing on enforcing password policies, for example the Password Policy Enforcer by Anixis or Specops Password Policy. Many of these products enable administrators to define policies and configure rules to prevent users from choosing weak passwords and to comply with corporate security policies.

In this blog post, I'd like to show the principal steps in implementing a password policy enforcement component using flow rules, decisions and scoring (bonuses and penalties) to calculate the strength of a given password using Visual Rules. In contrast to commercial tools, which often already integrate with domain controllers, this example only shows the rules, not how they could be integrated into a Windows domain or into a web application.

About

My name is Mike Haller and I'm a software developer and architect at Innovations Software Technology in Germany. I love programming, playing games and reading books. I like good food, making photos and learning and mentoring about the craftsmanship of commercial software development.
