Thursday, August 18, 2011

Hey Paypal!

PayPal wanted a survey from me..here is my reply. Wondered if this is too harsh?
"I periodically change all my passwords and my answers to the secret questions. This is a prudent action on my part, but apparently this behavior triggers an event related to a possible security problem in PayPal's system. I understand why this happens, but the security policies should be refactored. PayPal ought to use two factor authentication. For those that do not have access to the second factor, then drop back to the antiquated system. Also, if I remember correctly, PayPal does not allow passwords to be over a certain length. This is a super huge red flag that you are possibly storing my password plain text OR the frontend is just bush league and not sophisticated enough to prevent an overflow into the DB. In any case, this password policy is not what I expect from a banking institution. I don't have anything personal against your company, but it seems PayPal's priorities are mixed up."

Thursday, June 23, 2011

SheevaPlug Dev Kit and Debian

Got my Sheeva Plug Dev Kits in yesterday:

Initial thoughts are that they are nifty. Not earth-shattering. Not knee-buckling, just nifty.

In case you didn't know. The Sheeva Plug device is the hardware reference platform for a lot of pluggable computers these days such as the Tonido Plug and others. They have middle-of-the-road hardware specs based on the ARM architecture. The best part of this device is that the Dev kit retails out for $98. I ordered mine from GlobalScale Technologies.

GlobalScale took over two weeks just to ship out the two plugs that I ordered. Not cool. But, they did get them to me. The devices come ready to plug right into a standard wall 120V outlet. You can also remove the prongs from the device and plug in a power cable (sort of like the macbook's power transformer), so that you can mount the plug separate from the wall.

Input/Output connections to the device are:

  • Power (takes 120V directly, the power supply is in the device, interesting design decision)
  • MMC/SD slot
  • Gigabit ethernet
  • USB 2.0 port (A-type connection)
  • mini USB
This is the serial port to the device. You attach the supplied mini USB cable and there is a serial to USB device in the Sheeva Plug that gives you a serial connection. You can connection right up to the Sheeva Plug by doing something like:
% screen /dev/ttyUSB1 115200

Hardware notes:
Internal switching power supply. This is non-characteristic of hardware vendors these days. Let power supply doods handle that stuff, too much to go wrong there, but it does fit with the "plug" theme that they are going for. The MMC/SD is pretty standard, but I never really liked that form factor. The card sticks out about a full centimeter. This will snap off like a saltine at the hint of contact with something harder than talcum powder. Be careful if you use that port. Plenty of room around the usb port and ethernet port, so you can use fatty usb storage devices. The white protective case seems cheap and flimsy. I would not trust it to withstanding any sort of fall. But, this is reference hardware, not destined for the Apple Store.

Firmware notes:
When you connect to the serial console on the device, you will see the

Marvell>>

prompt. Consider this the bootloader for the device. The device has 512MB of internal flash memory, but this can't be used for the Debian install. I am not sure why this is, but I will investigate this as soon as I can and get back to you. As such, you will need to find another persistence data store. Common setups are installing Debian to the MMC or USB stick, but you could run everything from the network too. I bought these devices to run as small form factor home automation servers. So, I think the MMC/SD slot is perfect for the storage device. You can then use this link to install Debian onto the plug.

Remember: if you are writing software for the device, it architecture is "armel". The C/C++ libraries have different capabilities (they try to be the same), but you can easily cross compile for the Sheeva Plug from your amd64 machine (mostly everyone has one of those machines now, right?). Cross compiling software and directions can be found here

Setting all that up can be a bit of a pain. One of those things that drive you mad, but after going through all that, you will understand Unix guys have those giant beards.

Overall: I give the plug a 8.5/10.

Pros:
  • Open platform
  • Good hardware design (placement)
  • Inexpensive
Cons:
  • Cheap plastic case
  • Internal switching power supply makes me a bit nervous. If it goes bad, the device is toast.
  • MMC/SD slot needs to be one those spring-loaded deals (like cell phones use)...and it is OK to use microSD (only) at this point since those cards are all over the place.
I will be revising my review only the next couple of months when these plugs are attached to wall and doing their thing quietly. If I forget that they are there, then this will yield the best review possible.

In the coming weeks, I will be posting pictures of the device and how I am using it in the wild. One note, I tried to use a microSD in a full SD card insert to no available. The device was recognized, but the format of the device failed. I tried a full size SD 4GB card and this worked perfectly. SD cards are cheap and I don't need a huge amount of space on them. 4GB is plenty for a home automation server. As the days go on, I am liking this device more and more.