Laptop Security and IronKey?

Posted on Fri, 30 May 2008 07:20:00 GMT

This article was initially focused on the T61p's fingerprint reader and IronKey; however, I've expanded it to cover other options as well. Since the fingerprint reader has turned out to have little value in the way of security, I've turned my attention to the bulk encryption hard drives and encrypting file systems.

I've been discussing IronKey; however, other hardware crypto tokens such as smart cards and USB tokens may also be solutions.

Fingerprint Reader

After playing with the ThinkPad T61p fingerprint reader, I got thinking whether it would be useful to tie an IronKey USB key to the laptop fingerprint reader and/or require the IronKey to be present for the ThinkPad to boot. Furthermore, the laptop's hard drive could be encrypted by a key stored on the IronKey. Some interesting things to think about.

Does anyone know how secure the ThinkPad fingerprint reader actually is? The NotebookReview Forum has a thread on fingerprint readers.


3 comments

Whither Point Releases?

Posted on Wed, 14 Nov 2007 07:24:00 GMT

In the old software days with point releases, major versions would increase from 1 to 2 to 3, etc. Releases in between major versions would be point releases along the lines of 1.1, 1.2, 1.3 and smaller releases would be 1.1.1, 1.1.2, 1.1.3, etc. Then came along Windows 95 and the exit of sequential version numbers. With this naming scheme you really can't have Windows 95.1 so we now have Releases, along the lines of Oracle 11g Release 1 and Windows 2003 Server Release 2. You can pretty much guarantee that there isn't going to be an Oracle 11.1g ;)

That's all fine and good from a marketing perspective if the reason is that we are now using a year or abbreviation instead of a simple integer but are there other technical reasons? I recently upgraded from Apache httpd 2.0.x to 2.2.x and the major thing that I encountered was that configuration had changed significantly and that I had to redo my conf files. I've spoken with some people that indicated many organizations are afraid of point releases for enterprise software because they often break things and are not necessarily smooth upgrades. This fit with my Apache httpd experience which got me thinking.

If there exist enough backward compatibility problems with point releases, it would make sense that software publishers would want to avoid point releases (at least from a marketing perspective), when the release is backward compatible, e.g. Releases for former point releases, Service Packs for aggregated patches and the like. Has the single point (vs. double point) release come to mean that backward compatibility has been broken? If so, should it be avoided from a marketing perspective when backward compatibility still exists?


2 comments


Comparing CPAN Modules with YUI DataTable

Posted on Fri, 09 Nov 2007 06:09:00 GMT

There is a lot of choice on the CPAN for open source Perl libraries and sometimes it's difficult to get an idea of how modules compare to each other. CPAN Ratings is a good source of reviews but it's not convenient to compare one module with another. To provide a partial solution, I whipped up a quick CPAN Compare page which will pull the CPAN Ratings from a number of modules and summarize them for you.

CPAN Compare Modules

4 comments

What is the best digital voice recorder (DVR)?

Posted on Wed, 05 Sep 2007 06:37:00 GMT

I just recently picked up a digital voice recorder (aka DVR, not to be confused with digital video recorders) for recording conference calls and meetings. In three short meetings I have become a true believer. I have always taken detailed meeting notes but that was because I would write notes during the meeting. With a DVR, I can concentrate on running the call and go back to catch the details later.

For my first DVR I picked up the Olympus DS-30 from Fry's. The benefits that I keyed in on were the large-looking stereo speakers and the noise reduction. Since this is my first DVR I was easily impressed by the utility of it. So far I've recorded and played back on the device, copied the WMA files off using it as a USB storage device on Win XP and converted the WMA to OGG Vorbis using dbPowerAmp. The only thing that doesn't seem to work is the CD that it came with. XP would not recognize it at all but at least I don't need it since the recorder doubles as a USB device.

Although it meets my current notetaking requirements easily, I've been thinking about whether it'd be good to use for recording podcasts. My current issue is that it records in WMA and not a FOSS standard. After looking over a number of DVRs, it seems that the higher end ones use WMA, LPEC, DSS, etc. but not common music formats such as MP3 and OGG. What native format do you think is the best for DVRs? Is it fine to record as WMA and convert to OGG Vorbis or are there better options?

I don't know too much about voice recorders at the moment so I'm easy to please. Which ones do you like and what are important features for you?


no comments


Database Abstraction - code vs infrastructure

Posted on Wed, 05 Sep 2007 04:38:00 GMT

I've worked on a number of database-driven projects and no matter how much people want database abstraction, it was always difficult to code and maintain. I was recently reminded of this when I read this Drupal article on dropping PostgreSQL support. Not only can it be difficult to maintain support for multiple databases, but it may be difficult to find developers.

One solution of modern programming is to move database abstraction from the code to the infrastructure using an ORM (Object-Relational Mapper) or Data Mapper. An ORM or Data Mapper abstracts the database for you so you no longer have to tie db abstraction to each app. Not only does it let you code once for multiple databases, it lets your users migrate their data from one database to another. This blog runs Typo which is based on Ruby on Rails and ActiveRecord. I've been contemplating migrating Typo from MySQL to PostgreSQL and I've been told that it would be as simple as exporting the data with YAML, updating the database.yml file and importing the data. I haven't gotten around to doing it yet but it is a powerful idea. ActiveRecord is a data mapper and isn't as flexible as a full-blown ORM but it gets the job done for the most part. For a full-blown ORM, I think of Perl's DBIx::Class which provides a full OO interface to the RDBMS allowing you to code just once for multiple DBs without limiting you when you want to use some esoteric database-specific SQL. DBIx::Class is often used with the Catalyst Framework but is also used by itself.

There are PHP frameworks out there like Symfony and Cake but do any of them have stand-alone ORMs? If so, could Drupal move to something like that and solve their maintainership problems once and for all? Drupal is part of the Go PHP5 effort so there should be no issue using PHP 5 OO. Something to think about for the Drupal folks if a PHP ORM is available.


6 comments


Initial Thoughts on OpenID

Posted on Sat, 07 Jul 2007 20:39:00 GMT

There has been a lot of talk about OpenID so I decided to take a look at it and think about some of the potential issues with respect to broad adoption and integrating it into a website as a relying party. There have been numerous attempts to either improve the security of authentication via the web or improve the usability with SSO (Single Sign-On) including client SSL, OTP tokens, USB tokens, AmEx Blue smart cards, Microsoft Passport, Verified by Visa, etc. Many of these had SSO capabilities but none has been able to supplant local passwords. It will be interesting to see if OpenID can succeed where these others have failed. Here are my thoughts after watching two screencasts but before following the mailing lists. I'm now reading the list archives and it seems a number of similar issues are being discussed.


2 comments


Key Wiki Features

Posted on Sat, 30 Jun 2007 17:11:00 GMT

I just installed MediaWiki at an organization to manage some information I was researching. The primary reasons I chose MediaWiki were (a) it's open source, (b) it has auto-TOC (table of contents), (c) it has auto-categorization and (d) I was familiar with it already. I ran into some rough spots during the Win2K3 R2 / IIS 6.0 installation getting PHP 5.2.3 and the php_mysql extension working but other than that the installation was pretty smooth. It seems that the php_mysql extension that comes with PHP 5.2.3 doesn't work and you need to get it from PHP 5.2.2. Also, rebooting after installing PHP from the MSI helps but that doesn't seem to be mentioned in the installer. The other issue is that IIS doesn't seem to come with rewrite capabilities so I tried a third-party rewrite filter before tabling that for now. It's hard to believe that IIS doesn't have rewrite capabilities.

Some "Enterprise Wiki" solutions include Confluence and SocialText but I don't have any experience with these.

Which wiki do you like for "enterprise" purposes and what features do you find to be key? Do any other wikis have auto-TOC?


6 comments


Single Sign-On (SSO) with and without subdomains

Posted on Sun, 17 Jun 2007 01:06:00 GMT

If you are running a site without a subdomain, e.g. http://dev411.com and need to maintain cookie-based sessions across other server names with subdomains, e.g. blog.dev411.com and wiki.dev411.com, you will need to customize your session cookies.

To have your session cookie be used across multiple subdomains, set a wildcard domain which starts with a dot followed by the base domain name, e.g. ".dev411.com", which will make it qualify for all subdomains of dev411.com. This, however, will not work for http://dev411.com where there is no subdomain.

To have the same session used for http://dev411.com, set a second session cookie without a domain. This way the domain-less cookie will be used for http://dev411.com and the wildcard domain cookie will be used for all subdomains.

Catalyst 5.7007 will only set one cookie per cookie name; however, this solution works best when you can set both cookies with the same name but different cookie domains. I put together a quick patch for Catalyst::Engine to allow multiple cookies when the cookie value is set to an arrayref.
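The matching behind the two-cookie setup, as an added example (not code from this post or from Catalyst): it models which of the two session cookies matches each host under the RFC 2109 domain-match rule, where the bare domain fails as described above, and under the later RFC 6265 rule, where the leading dot is ignored. The host `notdev411.com` and the `label` and `setBy` fields are constructed for illustration.

```javascript
// Added example: which session cookie matches which host.
// Only matching is modelled; how a client stores two same-named cookies is not.

// RFC 6265 domain-match: exact host, or a suffix preceded by a dot.
function domainMatch6265(host, cookieDomain) {
  const d = cookieDomain.replace(/^\./, "").toLowerCase(); // leading dot is ignored
  const h = host.toLowerCase();
  return h === d || h.endsWith("." + d);
}

// RFC 2109 domain-match: the Domain value starts with a dot and the host
// must have a non-empty name in front of it, so the bare domain fails.
function domainMatch2109(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase();
  return d.startsWith(".") && h.length > d.length && h.endsWith(d);
}

// A cookie set without Domain is host-only: it matches the setting host only.
function cookiesMatching(host, jar, rules) {
  const match = rules === "rfc2109" ? domainMatch2109 : domainMatch6265;
  return jar
    .filter((c) => (c.domain ? match(host, c.domain) : host.toLowerCase() === c.setBy))
    .map((c) => c.label);
}

// The two same-named session cookies from the post, both set by dev411.com.
const jar = [
  { name: "session", label: "wildcard", domain: ".dev411.com", setBy: "dev411.com" },
  { name: "session", label: "host-only", domain: null, setBy: "dev411.com" },
];

// notdev411.com is a constructed look-alike that shares the string suffix
// but not the label boundary; it must match neither cookie.
function report(rules) {
  const hosts = ["dev411.com", "blog.dev411.com", "wiki.dev411.com", "notdev411.com"];
  return Object.fromEntries(hosts.map((h) => [h, cookiesMatching(h, jar, rules)]));
}

console.log("rfc2109:", report("rfc2109"));
console.log("rfc6265:", report("rfc6265"));
```

Under either rule the wildcard cookie matches every subdomain, so the session is only as well protected as the least trusted host under dev411.com.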


1 comment


Typo - Upgrading to 4.1.1

Posted on Sat, 16 Jun 2007 22:36:00 GMT

I finally got around to upgrading from Typo 4.0.0 r1188 to Typo 4.1.1 and it was pretty smooth. I had held off for a while because Typo was changing a lot under the covers with some much needed refactoring and I have a few hacks I didn't feel like modifying with every minor update.


no comments


Displaying Dates and Times Using JavaScript

Posted on Tue, 06 Feb 2007 00:28:00 GMT

Some considerations when displaying dates and times on a website include showing delta times, customized timezones and caching. Often it's nice to show a delta time like "10 minutes ago" or "5 days ago" to give readers a frame of reference instead of an absolute date. When the date is far enough in the past and an absolute date becomes desired, customizing the date to the user's timezone is useful. And if your site grows large enough that caching becomes useful, finding a way to display customized deltas and timezone information in a cacheable static page becomes an ideal solution.


2 comments
