Google: Hard Disk Drive Failure

Failure Trends in a Large Disk Drive Population

Another interesting little thing that I found: published this month, the paper outlines several conditions that are often perceived to be the cause of hard disk failure, and the authors, using the data that they have gathered from the hard disks in their server farms, have compiled some interesting statistics. It is a technical paper, though, so not suited to everyone’s tastes, but it is quite a quick read.

Unfortunately, they don’t release the data about which manufacturers and models have the highest rates of failure, although the paper does refer in several instances to one hard disk manufacturer – for example: “When examining our population, we find that seek errors are widespread within drives of one manufacturer only…”[p. 9] It would be nice to know which this is, so they can be avoided; still, perhaps that is the very reason why they did not publish the name.

RFID tags

Prompted by: InfoWorld Video | InfoWorld | RSA IOActive

While I was aware of this issue before now, the video in the article prompted me to write something. As I’m also procrastinating, it seems like a good idea to me.

RFID tags are the bits inside those cool little cards or dongles that you can wave at a reader to let you into a building. They’re widely used on campus, and I’ve also seen them used in the more modern apartment buildings for the main door. Unfortunately, these aren’t quite as secure as everyone would like to think. The video shows a compact sniffer device that can be used to record the signal that an RFID tag sends out, then replicate it at a later point, allowing them to impersonate you.

Obviously, this situation could easily be resolved by having a challenge-response system: both the system and the card know the card’s “password” – the number that is hard-coded into it. The reader sends out a challenge string, the card encrypts the challenge with the password and transmits the result, the reader checks the result against the expected answer, and access is either granted or denied. Simple… unfortunately, not so.

In the majority of cases, the RFID tag is passive, meaning that it does not have its own power source; it gets its power from the signal it receives from the reader. Thus, it is difficult to integrate the encryption hardware without increasing power requirements. Other methods include a rolling response – the response changes with each access – and many others. Hopefully, though, we will see one coming into mainstream usage soon, as I don’t think it will be long until these devices become readily available.
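The difference between a fixed-ID tag and the challenge-response scheme described above, as an added example that is not part of the original post. It assumes HMAC-SHA256 as the keyed function in place of "encrypting the challenge"; the tag ID, key and class names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample values; a real tag keeps its key in protected storage.
TAG_ID = b"tag-0001"
TAG_KEY = b"constructed-demo-key"


class StaticTag:
    """Fixed-ID tag: answers every reader with the same identifier."""

    def respond(self, challenge: bytes) -> bytes:
        return TAG_ID


class ChallengeResponseTag:
    """Tag that proves knowledge of its key without ever transmitting it."""

    def __init__(self, key: bytes):
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class Reader:
    def __init__(self, key: bytes, challenge_response: bool):
        self._key = key
        self._cr = challenge_response

    def new_challenge(self) -> bytes:
        return secrets.token_bytes(16)  # fresh, unpredictable nonce per attempt

    def verify(self, challenge: bytes, response: bytes) -> bool:
        if not self._cr:
            return hmac.compare_digest(response, TAG_ID)
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(response, expected)


def replay_accepted(reader: Reader, tag) -> bool:
    """Record one genuine exchange, then present the recording to a new challenge."""
    first = reader.new_challenge()
    recorded = tag.respond(first)
    assert reader.verify(first, recorded)    # the genuine tag is accepted
    second = reader.new_challenge()          # later attempt, new nonce
    return reader.verify(second, recorded)   # does the stale recording still pass?
```

The recorded response only passes when the reader ignores its own challenge, which is exactly the fixed-ID case.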

Snow!!!

I woke up today, around 07:30, and was greeted by the sight of lots of nice, white, pristine snow. Put me in a good mood right away; quite a feat considering that I’m in no way, shape or form a morning person. However, all good things must come to an end, and my morning was marred by the prospect of slogging to lectures in this weather. So, I continued my morning routine, ignoring the conditions outside.

Fortunately, this morning I was getting a lift in from my boyfriend, Rob, so I didn’t have to hurry too much. The second we left the house, though, we noticed a slight problem: the roads had not been gritted overnight. Traffic was moving at 20mph at the very most, and conditions weren’t great with all the snow and slush. It took us about half an hour to make a 15 minute drive.

It’s odd that given the recent frosty weather, the roads have been nicely gritted every day this week, but the one day that it’s most required is the day that the gritters stay at home by the fire. Bah humbug.

RSS with HTTP authentication

For those of you not familiar with RSS, I’ll describe it briefly: RSS is a particular format of XML document that is often used by sites to provide a “news feed” to subscribers. This news feed can then be read by an RSS feed aggregator, and new items on the site can easily be disseminated to subscribers.

HTTP, which most will recognise as the protocol we use to fetch resources when we browse the web, has some rudimentary built-in authentication facilities, and although the idea of using these with RSS is not new, it surprises me that the technique is not more widely used.

Using authentication with RSS feeds opens up several possible applications: firstly, it allows sites to provide “members-only” content; secondly, it allows users of a site to select content based on their interests (provided the site had such functionality); thirdly, and of more import to sites than to users, it would allow targeted advertising to be delivered to users.

The easiest way to implement authenticated HTTP would be to respond with a 200 response upon receipt of either correct auth data, or no auth data. In the latter case, the server would send out the public RSS feed; in the former, the server would obviously send out the private version. In the case of incorrect auth data being provided, the server responds with a 401 response, just like any other authenticated transaction.

The downside to the above method is that the user won’t be made aware if a personalised service is available. If we slightly fudge the meaning of the 401 response, we can do the following: on receipt of either incorrect auth data, or no auth data, the server responds with a 401, and the body of the document contains the public version of the feed. When the server receives correct auth data, the server sends the personalised data with a 200 response.

In this manner, the client knows if a personalised version is available, because it knows that it sent no auth data, but feed data has been received. Furthermore, it knows if personalisation is not available, since it will just receive the 200 reply if it doesn’t send any auth data.

I’m sure there are other methods of providing the same service; these just strike me as the most intuitive that don’t require separate URLs for subscribers and non-subscribers.
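Both response schemes described above, as an added example that is not part of the original post. It assumes HTTP Basic authentication; the user table, feed bodies, realm and function names are constructed for illustration.

```python
import base64
import hmac

# Constructed sample data: one subscriber and two feed bodies.
USERS = {"alice": "correct horse"}
PUBLIC_FEED = "<rss><channel><title>Public</title></channel></rss>"
PRIVATE_FEED = "<rss><channel><title>Members</title></channel></rss>"
CHALLENGE = {"WWW-Authenticate": 'Basic realm="feed"'}


def check_basic(header):
    """Return None if no credentials were sent, else True/False for validity."""
    if not header:
        return None
    try:
        scheme, _, blob = header.partition(" ")
        decoded = base64.b64decode(blob, validate=True).decode()
    except (ValueError, UnicodeDecodeError):
        return False
    user, sep, password = decoded.partition(":")
    if scheme.lower() != "basic" or not sep:
        return False
    expected = USERS.get(user, "")
    # Constant-time comparison; unknown users are rejected after the compare.
    return hmac.compare_digest(password.encode(), expected.encode()) and user in USERS


def serve_feed(header, advertise):
    """advertise=False: first scheme (200 + public feed when no credentials).
    advertise=True: second scheme (401 whose body is the public feed)."""
    ok = check_basic(header)
    if ok:
        return 200, {}, PRIVATE_FEED
    if ok is None and not advertise:
        return 200, {}, PUBLIC_FEED
    # Wrong credentials never fall through to a 200 in either scheme.
    return 401, dict(CHALLENGE), PUBLIC_FEED if advertise else ""


def personalised_available(status, body, sent_credentials):
    """Client-side inference for the second scheme: feed data arrived
    with a 401 even though no credentials were sent."""
    return status == 401 and bool(body) and not sent_credentials
```

Basic credentials are only base64-encoded on the wire, so either scheme needs HTTPS to keep the password confidential.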

Google Reader

I’m a self-confessed Google lover; I have my Google homepage, my Gmail, my Google Calendar, and various other bits and bobs. Thus, it should come as no surprise that when I found a funky new application in their labs about a month ago, I signed right up.

Google Reader is a web-based feed aggregator. It’s still in beta, so there are a few bugs here and there, but by and large it’s quite a nifty little piece of software. Interface-wise, it looks rather like GMail: RSS items are listed rather like e-mails would be, and you have the ability to apply your own tags to the news items. The feeds themselves act like folders, and can be sorted in their own folder hierarchy.

A nice little feature of Google Reader, though, is that you can mark items that you particularly like as “shared”, and these shared items can then be viewed by other people, with the link, or can be displayed on your own website.

On the subject of bugs, the only one that causes me any real annoyance is that, occasionally, one item, or several contiguous items from a feed will be duplicated. Now and then, a little red bubble will appear top centre saying “Oops there’s been an error”, but nothing obvious happens; once in a while the interface will just refuse to load, but this is always fixed by a refresh.

Up and running again

As you may already know if you checked the site in the last few weeks, I recently changed web hosts. My old host (portugalnetworks.com) wasn’t too bad; it was incredibly cheap ($12 [~£6] for a whole year), but the server performance reflected the price, unfortunately – downtime was high, along with the various other problems. So, I changed. I moved to DreamHost, which is admittedly significantly more expensive, but provides much more in terms of features – see for yourself.

I can’t resist my inbuilt student moneygrabbing tendencies, so I’ll just say: if you do find yourself thinking about signing up, put me as your referrer :D. I’ll leave it at that.

Anyways, I decided to go with WordPress this time, rather than b2Evo, because it offers much better anti-spam facilities, as that was becoming a nuisance toward the end of January. So, now that I’ve got something up, I may even find myself updating a bit more often than I did in my site’s previous incarnation.