Friday Sep 07, 2012

Logging out

After twelve years at Sun and Oracle, eight years of running this blog, about two hundred postings, one domain name change and getting thousands of security vulnerabilities fixed, I am signing off from Oracle's product security desk today.

Working for Sun and Oracle was an incredible experience! I am very fortunate to have had the opportunity to know and learn from so many extraordinary people.

See for future postings. I can also be found on LinkedIn.

Sunday Jul 24, 2011

CVSS Worksheet

The Common Vulnerability Scoring System (CVSS) is commonly used to rate security vulnerabilities. It helps system administrators prioritize their response to security holes. Oracle provides CVSS ratings and base scores for most vulnerability fix announcements. You can calculate the score for a vulnerability using the NIST CVSSv2 calculator; to use the calculator one must be familiar with the CVSS v2.0 guide.

Here is an attempt to provide a simple, intuitive and illustrated worksheet for calculating the CVSS v2 base score:

You can access the standalone CVSSv2 Worksheet here.

Friday Apr 29, 2011

Cross Domain Blog Migration

This blog is being migrated to domain and should be available from

Some of the media content which was previously hosted on was lost. I will try to find them from my backups and upload them elsewhere.

I have a personal blog at which should aggregate both my official and non-official postings.

Wednesday Mar 23, 2011

Everything you need to know about cryptography in 1 hour

A good talk by Colin Percival about cryptography, with an introduction and the common mistakes made when using cryptography in applications. Recommended for anyone who does anything with cryptographic algorithms and software.

Saturday Oct 03, 2009

Fast Forward in Time: Flower Bloom

A lily bloom that lasted approximately 6 hours is compacted to 25 seconds. This was taken with a Canon SLR camera wired to a computer that captured an image every 35 seconds. The photos were combined to form a 30 frame per second video.

Wednesday Aug 19, 2009

Desktop OS for Personal Computing

I have been using OpenSolaris as my primary desktop for quite a while - it has been working well, and all the devices except Bluetooth work. Features like suspend-resume and the network auto manager have made life easier. With ZFS boot environments and the Image Packaging System, it has been easier to eliminate unwanted software and services to keep the desktop lightweight. I do not want to waste CPU cycles on fancy cruft that comes with the default installation and may not be required for desktop usage.

I usually keep upgrading to the latest builds, but noticed that a few things have been degrading compared to previous builds I have been running. Mainly it looked like the boot-up time had increased to more than a minute, compared to the 20-30 seconds it took previously. Rather than spend time debugging what went wrong, I surveyed a number of available desktops to see if I am missing anything by running OpenSolaris, looking for something that works well and has a fast, neat UI. I use VirtualBox extensively to get access to different versions of Solaris as needed. In this survey I used a trial on VirtualBox as the first yardstick, followed by USB or CD booting it on my laptop.

1. Windows 7. A trial version is available for download - it looks like they rearranged a few things on Windows Vista, fixed a few bugs and called it new - like expired food in a new can. Slow and sluggish, and I certainly may not buy it even if they give a 99.99% discount on it. I ran it on VirtualBox as well as installed it on a spare partition to try it.
Rating 2 out of 5.

2. Ubuntu Netbook Remix - the same old Gnome user interface with an additional launcher which looks like it was assembled in a hurry. Tried it on VirtualBox but did not consider it worthwhile to try further.
Rating 1 out of 5

3. Intel's Moblin - seems promising given it is still being worked on. The interface is much better than other Linux distros out there. It worked on VirtualBox, but it panics when booted from a USB stick. Maybe I will give it a try when they get it working.
Rating 2 out of 5 (would have been higher if only it worked)

4. Live-Android - booted really fast, and has a refreshingly new GUI that is years ahead of Windows 7 and Gnome. USB booting does not seem to work; booting from CD works. They are still working on it, and there are hacks to install other Android apps on it. Working with the browser is tough and it doesn't look like it gives any access to the file system. However, it has what I was looking for in my personal computer desktop - a fast and usable interface.
Rating 5 out of 5 (hoping it will mature into a full Desktop)

5. It seems Google is working on an OS called Chrome OS. If it is similar to Android and delivers on speed and usability, I am sure it would replace my existing desktop. It might also mean the end of the Windows desktop and many other copycat Linux distributions out there.

6. Tinycore - offers a neat way to start with a cruft-less operating system that weighs less than 11 MB and then add applications like Firefox. Rating 2 out of 5 (requires a bit of work to install and to get it working)

7. Webconverger - another distro that launches just the browser, worth mentioning.

There were a bunch of other distributions that I wanted to try, like Fedora, Ubuntu and gOS, but looking at their screenshots, my guess is that they aren't any better than Android at this time, so it would be futile to try them. At the moment I may install Tinycore on the spare partition and upgrade to a better option if one becomes available.

Saturday Nov 15, 2008

Netbooks and the end of the Laptop Decade

If you are in the computer industry, it is not uncommon for friends or family to consult you to recommend a computer or a laptop. Several things make answering difficult, especially for an average consumer who may be buying their first laptop with hard-earned money:

  • A. A good $1000 laptop does not offer value for money to someone wanting to use Gmail and the Internet
  • B. It will be obsolete in a year and newer software will run slower

When I first heard about the features of OLPC - (One Laptop Per Child) especially its battery life and networking features etc., my reaction was that those features should be part of any average consumer computer - trying to sell it to kids made it look like a scam. If I had 400$ to spend for a child's education, there are a dozen better ways to spend it. A computer would be near the bottom of that list.

Since then a number of commercial small, low-cost, efficient and Internet-oriented laptops have appeared on the market. These are also called Netbooks (vs. Notebooks).

The number of companies making them suggests that these are becoming popular. While the hardware used is pretty awesome, the software stack has to catch up. The personal computer software industry has a long way to go before it is ready for the average consumer.

Especially, the focus has to be on making software run faster, simpler and more usable. Bloatware should be avoided and software should be able to run with limited resources. The system should be able to boot in a couple of seconds and the response time for any click should be strictly less than 100 milliseconds (except where network latency comes into the picture).

It seems to be a trend that common software (such as browsers, mail clients, games and operating systems) gets bloated and slower with each revision. The Gnome desktop on my OpenSolaris Indiana takes almost as much time to load as the system takes to boot. There is probably one drastic solution to it: software developers should use old systems which were made 5 or 6 years ago. That way, regressions in performance become visible as soon as they are introduced.
