Thursday, February 26, 2009

Subversion SVN Server Problem Solved

After having too many issues with Microsoft's Team Foundation Server, we decided to look for a different code store/source control solution which would better fit the needs of our small shop. After googling around, one of my colleagues found Subversion.

I downloaded the open source CollabNet Subversion along with the open source Ankh SVN plugin for Visual Studio. Both installed quite easily and were simple enough to get up and running.

The Problem "After the Sale"
After getting everything up and running, I could not connect to the Subversion server. I followed the instructions in the book which came with the install package, googled and searched around for a possible solution to no avail. Out of desperation, before giving up and looking for another solution, I decided to post a request for assistance on Twitter. Not long after my "tweet," I received a response from Jack Repenning, CTO for CollabNet, who offered to assist me. Three email exchanges later I was connecting to my Subversion server via Ankh in Visual Studio.

The Solution
I installed Subversion on a Windows 2003 server, which also happens to be running IIS. Subversion uses Apache for its interface. I set Apache to use an odd port during install, which should have allowed it to communicate. But, according to Jack, IIS sometimes hijacks any and all web functions which does not allow Apache to do its thing. So the solution to my problem was to turn off IIS. IIS was running on this particular only because this was my Team Foundation Server box. Since we're not using TFS any more, it was an easy decision to turn off IIS and let Apache do its thing.

So far I find the Subversion/Ankh combination to be easy to use. I'll have to play with it a bit to see if it will suit our needs. It looks as though we may have a winner here.

Thanks to Jack for his quick response and assistance. For those who wonder how Twitter can be useful, here is an excellent example.

Sunday, February 22, 2009

Shin Splits Exercise Treatment

Back in the day when I was a strapping young lad I ran quite a bit. I also had occasional problems with shin splints. Shin splints is (are?) a very painful response to high-impact exercise which makes it difficult, if not impossible, to run.

I'm no longer a strapping lad, nor am I a doctor (though I'm handsome enough to play one on TV). Follow my advice at your own risk. I doubt you can hurt yourself doing what I suggest, but if you do it's not my fault! So there! Nyaa!

The Method
I was very fortunately to have been taught a highly effective treatment and prevention for this terrible malady. I can't remember the exact circumstances, but I think she said she learned it from her yoga teacher. I don't know if it's yoga, but it's simple and it worked very well for me:
  1. Stand with your feel approximately shoulder-width apart
  2. Slightly bend your knees
  3. Bend at the waist and rest your hands just above one knee - you might find it helpful to place the opposite foot slightly behind you to help with balance
  4. On the side you're leaning on, keeping your heel on the ground, raise your toes as high as you can.
  5. Repeat raising your toes until you cannot raise it any more. (If you already have shin splints, this will be somewhat painful)
  6. Turn the same foot as far to the left as you can and raise your toes as many times as you can.
  7. Turn the same foot as far to the right as you can and raise your toes as many times as you can
  8. Switch your hands to the other leg and repeat steps 4-7.
This exercise can also be used as part of your warm up to help prevent shin splints, too.

The key to this exercise is to strengthen the muscles which pull your toes up when your heel is on the ground. This relieves the pressure off the tendons which attach to the shin. It's this pressure which causes shin splint pain.

If you suffer from shin splints, give this a shot. If nothing else, it can't make things any worse.

Saturday, February 07, 2009

RFID Passports and Drivers Licenses Compromise Your Personal Data

RFID has great value as it is used today. It also has many excellent potential uses. However, it is totally unsuitable for use in a personal identification system.

Many times I've written about the potential dangers of personal identification cards and passports equipped with Radio Frequency Identification (RFID) technology. You can check them out here. My aim in this is not to bash the technology because it has many excellent applications. My objections are strictly limited to RFID-equipped personal identification.

What the problem with RFID?
The inherent flaw in using RFID in identification cards is the very thing which makes it excellent in other applications: The RFID chip sends out a signal containing a small amount of data which a receiver can detect and pass along to a computer. While this is great for companies like Walmart to track inventory going in and out of a store, it's not good for a person when anyone can grab their personal information out of thin air just by passing near them.

Proof Is In The Pudding
For those who think my opinions alarmist, allow me to point out two studies which I believe prove my point:

University of Washington and RSA Research
On December 1, 2008, the Consumer Warning Network reported on research done by The University of Washington and RSA Security in October of 2008 which showed data from RFID chips implanted in the new Passport Cards and "Enhanced" drivers licenses can be received from over 150 feet away. Data recovered from such reception could be cloned to another card in less than 5 seconds. These tests were done with off-the-shelf equipment, not exotic technology available only to government agencies. 

Receiving data from that far away, a criminal could position a receiver near a large gathering of people and clone cards to steal a large number of identities. It is fair to point out that personal information is not stored on these cards; only a unique ID code. However, this code is all that's needed to create a cloned card. Eventually, there has to be a way to match that number to personal data stored in a database somewhere. If there is enough desire, criminals could get access to such a database and get the personal information contained in it.

A Practical Demonstration
On Feb 2nd, posted an item showing how easy it is for someone to go about reading these RFID-equipped cards. Chris Paget demonstrated how to set up a system to read the cards as one drives around a city. Like in the above-mentioned study, he used off-the-shelf equipment in his demonstration. Although he didn't scan a large number of cards, I believe it's because they are not yet widely used. As government agencies issue this type of card, though, there will be more and more of them in circulation to scan. I highly recommend watching the short video which is quite telling.

Not Just Identity Theft
Given that these cards are so easy to read from a far longer distance than government agencies care to admit, it's also important to consider another potential way to exploit this technology: stalking and tracking. It's not difficult to put together a relatively cheap, but sophisticated, RF direction-finding system. Amateur radio operators do this in "fox hunt" competitions to find hidden transmitters. It would not be difficult for anyone to put together a direction-finding system to track a person's movements. In the ultimate "big brother" scenario, it would be a simple matter for government agencies to install direction-finding equipment around a city and use it to track anyone and everyone.

"Computer, what is the current location of Captain Picard?"

Shields Up!
There is one thing the person who has this type of ID card can do to prevent its exploitation: shield it. The issuers of these cards are supposed to provide a sleeve in which to store the card, the idea of which is to prevent the RFID from transmitting outside the person's wallet or purse. While this is a good idea, I believe it is not good enough. I question how many people will actually educate themselves on how RFID works and realize the importance of using such a sleeve. How many will lose or damage the sleeve and not bother to replace it? Although laudable, providing a sleeve is hardly practical.

I recommend you do your own research to learn more about RFID. I believe that as you educate yourself, you will realize RFID in personal identification is not a good idea and will let your elected representatives know about it.