OHMS BLOG

Wednesday, May 25, 2011

privacy technology

Your unencrypted network traffic is vulnerable beyond the Wi-fi access point

Whether it's your Facebook identity or your Google Calendar traffic, there has been plenty of coverage lately about unencrypted information being sent to websites. What annoys the hell out of me, however, is this notion (coming from people who should know better, might I add) that these issues are only a problem if you're connecting to the internet via unsecured wi-fi.

This is complete and utter nonsense; the only thing that secured wi-fi gives you is a higher barrier to entry!

Consider this mental exercise: What happens to your data after it travels past the wi-fi access point? It needs to travel the remaining hundreds or thousands of kilometres to the website's data centre. If that information is unencrypted at the application layer (let's say via HTTP), it's just as visible by somebody intercepting it as it comes across the wire as it was over the unsecured airwaves. Wi-fi encryption is at the link layer, so it's only going to protect your data as it travels from your device to the access point; from then on, it's open season.

I don't dispute the fact that it's easier to snoop on unsecured wi-fi than it is to monitor a wired medium. What I do dispute is this ridiculous claim that securing your wireless connection or using a wired connection solves everything for you.

Avoiding unsecured wi-fi is not the solution. Using secure application layer protocols such as HTTPS is the solution.

Tuesday, May 03, 2011

code

Oracle OCI Tips

If OCIDirPathPrepare fails with ORA-01403, check and make sure that the OCI_ATTR_SCHEMA_NAME attribute has been set on the OCIDirPathCtx handle.

If OCIDirPathColArrayToStream fails with ORA-12899, you're probably not passing in the rowcnt and rowoff values correctly. The docs aren't very clear on how to specify those two parameters, so I'll try to elaborate here a little bit:

  • rowcnt should always be the number of rows that have been set in the column array, including rows that have already been sent to the stream buffer. A column array's set rows don't get cleared until you call OCIDirPathColArrayReset. If you specify a rowcnt that is too large (i.e. it includes unset rows), you may encounter errors.
  • rowoff should be the row index into the column array where stream conversion should begin.
If you follow these guidelines, OCIDirPathColArrayToStream will process rowcnt - rowoff rows during the conversion.

For example, let's suppose that you've previously converted three rows of a column array to the stream. You have just added a fourth row to the column array, and now you want to add that new row to the stream. Set rowcnt to 4, since that's the total number of rows that have been specified in the column array. Set rowoff to 3, since you've already converted rows 0, 1, and 2.

code

Fixing the winsock header file mess

Do you write Windows Sockets code? Are you having conflicts between winsock.h and winsock2.h?


If you take a look at winsock.h, you will notice that it uses the _WINSOCKAPI_ macro to prevent multiple inclusion. winsock2.h uses _WINSOCK2API_ to prevent multiple inclusion, but it also sets _WINSOCKAPI_ to fool the preprocessor into thinking that winsock.h has already been included.

Knowing this information, we can take this a step further and suppress winsock.h across the board (assuming Visual C++):

  1. First, modify your build system so that /D_WINSOCKAPI_ is always passed to the compiler. This makes the preprocessor think that winsock.h has already been included, so it never makes it past winsock.h's multiple inclusion preprocessor directives.
  2. Create a proxy header file using the following code snippet. Instead of including winsock2.h directly, always include the proxy header instead.
#ifndef __MYWINSOCK2_H
#define __MYWINSOCK2_H
#pragma push_macro("_WINSOCKAPI_")
// We clear _WINSOCKAPI_ to avoid preprocessor warnings about
// multiple definitions of the _WINSOCKAPI_ macro, as winsock2.h will
// attempt to #define _WINSOCKAPI_ itself.
#undef _WINSOCKAPI_
#include <winsock2.h>
#pragma pop_macro("_WINSOCKAPI_")
#endif // __MYWINSOCK2_H

Release 7.0; Copyright © 1996-2012 Aaron Klotz. All Rights Reserved.