Archive for the ‘Computer Security’ Category

12.13.06

Free Java Open Source Software Bug Testing.

by Terry Pearson

Programs inevitably have bugs. No matter how thorough a person is in their coding, there will almost always be some bugs in the code.

Besides running through known possible errors, you can also use software to test your code. A lot of times, the testing software can be expensive. For open source developers, expensive testing software is out of the question.

As announced yesterday, Fortify Software is in the process of opening its software testing tools to open source developers. They will test the code for free and give a detailed report on the errors. Non-contributors to a project will only see basic information about the number or percentage of errors.

The tools that will be used include FindBugs and Fortify SCA. These tools are highly acclaimed in software testing.
Some of Fortify’s current customers for professional analysis include Charles Schwab, U.S. Navy, Microsoft, Adobe, CitiGroup, and Digital River.

10.31.06

CAPTCHA!

by Terry Pearson

I am sure that you have gone to websites that require you to “type the letters that you see in the picture.” This is often done before you apply for an account on a website.

This technique of showing the user letters in a picture and expecting them to tell the computer what the letters are is a form of CAPTCHA. To explain CAPTCHA, I will need to give you some background.

CAPTCHA, or “Completely Automated Public Turing Test to tell Computers and Humans Apart,” is a system designed to make sure that the visitor to a page is human.

Believe it or not, there are robot programs that surf the internet. The bad ones are designed to harvest email addresses from websites, attempt to exploit commonly known security vulnerabilities on servers, and sign up for email and forum accounts in order to produce spam like crazy.

Email and forum websites have answered these robots by producing “tests” that only humans should be able to pass. The simplest way to do this is to provide a picture that a human can quickly interpret as text, but that a computer would treat as just another picture.

A site called “Coding Horror” has a really good article on how to make your CAPTCHA most effective.

10.18.06

Passwords are only as secure as where you keep them.

by Terry Pearson

A Fox News story came out today saying that one in three individuals writes down their passwords. At first glance, this shows responsibility and carefulness.

But, a closer analysis will reveal something completely different. Though people have good intentions, writing down passwords is a very bad idea. If you write down your password, someone can view it.

It may not even stay in your office, or wherever else you keep it. You could accidentally throw your password away, and once it goes out with the trash, it is basically fair game for everyone.

There are individuals who “dumpster dive” for such things. They know that most “secret” documents end up getting thrown away without a care in the world.

So, do yourself a favor and memorize your passwords. And change them every once in a while as well!

09.24.06

How do I use an MD5 checksum?

by Terry Pearson

If you followed the links in my last post, one of them would have taken you to the Torpark web browser download page. When downloading Torpark, you are given an MD5 checksum. I am sure that a lot of people do not use checksums and do not really understand their importance. Checksums are used to verify that the file you downloaded is actually the original.

To put it in basic terms, a checksum is a number derived from a file's contents by running a specific algorithm over the file. If the file differs at all from another file, the checksum will be different.

These checksums can be important. Let’s say that I broke into some download mirror and replaced one of their popular files with one of mine. Maybe the software ran the same, but I added a basic routine to log keystrokes and send them to a server of my choosing. Since you just innocently downloaded the file (and from a trusted source, no less), you have no idea of this added functionality in the program.

If you had checked your download against the checksum located on the website, you would have noticed that your file produced a different number. You would have known right off the bat that the file was corrupt or tampered with, and that you should try to download it again.

In order to use an MD5 checksum, all you need is a program that computes the MD5 of a given file. I would recommend ChaosMD5 2.0 by Elgorithms. There are many other great MD5 checkers; this is just the one that I use.

To use it, click the folder icon on the right to browse to a file that you wish to check. This should be the original downloaded file. After selecting the file, click the “Generate MD5” button. A few seconds later, your MD5 should be generated. Compare it with your original (from the download website). If they are the same, your file is OK. If you have different numbers, DO NOT use the file. Get rid of it and try again.
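The same check the ChaosMD5 walkthrough above does by hand, as an added example written for this post rather than code from Elgorithms or from the original article: it hashes the downloaded file in chunks, normalizes the checksum copied from the download page (whitespace, upper/lower case), and compares the two. The function and file names are my own; the sample "download" is constructed inline, and the `algo` parameter goes beyond the post so a SHA-256 value published alongside an MD5 can be verified the same way.

```python
import hashlib
import hmac
import os
import tempfile

CHUNK_SIZE = 64 * 1024  # hash large downloads in pieces instead of reading them into memory at once


def file_digest(path: str, algo: str = "md5") -> str:
    """Return the lower-case hex digest of the file at `path` for the named hashlib algorithm."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK_SIZE), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_checksum(path: str, published: str, algo: str = "md5") -> bool:
    """Compare the file's digest with the checksum copied from the download page.

    Download sites publish the hex in either case and often with surrounding
    whitespace, so the published value is normalized before comparing.
    hmac.compare_digest is used so the comparison does not stop at the first
    differing character.
    """
    actual = file_digest(path, algo)
    expected = published.strip().lower()
    return hmac.compare_digest(actual, expected)


def write_sample(data: bytes) -> str:
    """Write constructed sample bytes to a temporary file and return its path.

    This stands in for the downloaded file (hypothetical helper for the demo).
    """
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return path


if __name__ == "__main__":
    # Constructed example: the "download" is the three bytes b"abc", whose MD5 is well known.
    good = write_sample(b"abc")
    print(file_digest(good))  # 900150983cd24fb0d6963f7d28e17f72
    print(verify_checksum(good, "900150983CD24FB0D6963F7D28E17F72"))  # True
    # A file differing by a single byte produces a completely different checksum.
    tampered = write_sample(b"abd")
    print(verify_checksum(tampered, "900150983cd24fb0d6963f7d28e17f72"))  # False
    for p in (good, tampered):
        os.remove(p)
```

MD5 still catches a corrupted or swapped download when the published checksum comes from a source you trust, but it no longer resists deliberately crafted collisions, which is why the `algo` parameter lets the same routine check a SHA-256 value when the site offers one.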