Profile cover photo
Profile photo
Issy Fernando
technology connoisseur
technology connoisseur
Issy's posts

“Enterprise content management puts content to work. Beyond capturing and sharing, it's responsive, immediate, and actionable. A unified customer experience delivering the right content to the right people where and when they need it. Putting context around content, empowering every employee so organizations can make smarter decisions, realize new value, and deliver better customer service. Smarter content is transforming business around the world, right now.” #ibminsight   #ibmecm  

Post has attachment
If you've ever wanted to know how the iPhone 5s' Touch ID fingerprint security works beyond a basic overview, you'll be glad to hear Apple has just delivered a motherlode of new details. An updated security document newly posted to its “iPhone in Business” microsite. The new info provides an inside look at how exactly the Secure Enclave generates and communicates encrypted and temporary identification information to the rest of the system to make sure that fingerprint data is never exposed to anything beyond itself.

"Each Secure Enclave is provisioned during fabrication with its own UID (Unique ID) that is not accessible to other parts of the system and is not known to Apple. When the device starts up, an ephemeral key is created, tangled with its UID, and used to encrypt the Secure Enclave’s portion of the device’s memory space.
Additionally, data that is saved to the file system by the Secure Enclave is encrypted with a key tangled with the UID and an anti-replay counter."

Apple goes on to detail how the A7 processor helps gather the fingerprint data, but can’t actually read said information itself, and how the exchange that takes place between the A7 and the secure enclave is encrypted to prevent any hijacking of the data at that point.

"Communication between the A7 and the Touch ID sensor takes place over a serial peripheral interface bus. The A7 forwards the data to the Secure Enclave but cannot read it. It’s encrypted and authenticated with a session key that is negotiated using the device’s shared key that is built into the Touch ID sensor and the Secure Enclave. The session key exchange uses AES key wrap- ping with both sides providing a random key that establishes the session key and uses AES-CCM transport encryption."

The document also includes previously revealed technical data around the Touch ID scanner itself, which takes an 88-by-88-pixel, 500-ppi raster scan of the finger being applied, which is then transmitted to the Secure Enclave, vectorized for the purposes of being analyzed and compared to fingerprints stored in memory, and then discarded.

Apple closes the section on Touch ID with a detailed, step-by-step explanation of how unlocking the smartphone with the tech works.

"On devices with an A7 processor, the Secure Enclave holds the cryptographic class keys for Data Protection. When a device locks, the keys for Data Protection class Complete are discarded, and files and keychain items in that class are inaccessible until the user unlocks the device by entering their passcode.
On iPhone 5s with Touch ID turned on, the keys are not discarded when the device locks; instead, they’re wrapped with a key that is given to the Touch ID subsystem. When a user attempts to unlock the device, if Touch ID recognizes the user’s finger- print, it provides the key for unwrapping the Data Protection keys and the device is unlocked. This process provides additional protection by requiring the Data Protection and Touch ID subsystems to cooperate in order to unlock the device.
The decrypted class keys are only held in memory, so they’re lost if the device is rebooted. Additionally, as previously described, the Secure Enclave will discard the keys after 48 hours or 5 failed Touch ID recognition attempts."

Another new section details iCloud Keychain, the syncing service that stores your passwords for use across platforms. Apple notes the system is designed to prevent unauthorized access to iCloud Keychain stored information in the event of a compromised iCloud account, and to prevent third-party access to any passwords housed in the service.

"iCloud provides a secure infrastructure for keychain escrow that ensures only authorized users and devices can perform a recovery. Topographically positioned behind iCloud are clusters of hardware security modules (HSM). These clusters guard the escrow records. Each has a key that is used to encrypt the escrow records under their watch, as described previously.
To recover a keychain, the user must authenticate with their iCloud account and password and respond to an SMS sent to their registered phone number. Once this is done, the user must enter their iCloud Security Code. The HSM cluster verifies that the user knows their iCloud Security Code using Secure Remote Password protocol (SRP); the
White Paper 26 iOS Security code itself is not sent to Apple. Each member of the cluster independently verifies that the user has not exceeded the maximum number of attempts that are allowed to retrieve their record, as discussed below. If a majority agree, the cluster unwraps the escrow record and sends it to the user’s device."

Apple has also added new information about iMessage, FaceTime encryption, single sign-on and Airdrop in terms of areas of interest to check out.

Post has attachment
im rethinking the removal of all the grass in our backyard. this is awesome

Post has attachment
Thought provoking post by Jeff Atwood.

When apps are free, you're the product
I know, I know, I'm sick of this trite phrase too. But if the market is emphatically proving that free is the only sustainable model for apps, then this is the new reality we have to acknowledge.

Nothing terrifies me more than an app with no moral conscience in the desperate pursuit of revenue that has full access to everything on my phone: contacts, address book, pictures, email, auth tokens, you name it. I'm not excited by the prospect of installing an app on my phone these days. It's more like a vague sense of impending dread, with my finger shakily hovering over the uninstall button the whole time. All I can think is what shitty thing is this "free" app going to do to me so they can satisfy their investors?

For the sake of argument, let's say the app is free, and the developers are ethical, so you trust that they won't do anything sketchy with the personal information on your device to make ends meet. Great! But they still have to make a living, don't they? Which means doing anything useful in the app requires buying three "optional" add-ons that cost $2.99 each. Or there are special fees for performing certain actions. Isn't this stuff you would want to know before installing the app? You betcha. Maybe the app is properly tagged as "offering in-app purchases" but the entire burden of discovering exactly what "in-app purchases" means, and how much the app will ultimately cost you, is placed completely on your shoulders. You, the poor, bedraggled user.

Post has attachment
You wouldn't think an initialization system would cause a this much debate.  But, for over a year, the debate between the systemd init system and Ubuntu's upstart system has been dividing the Linux community, spawning hundreds of posts on blogs and social media, and fanning the flames of a good old open source war.

In the end, it came down to a decision by the Debian project. When they announced that they were going to use systemd instead of upstart in the next release of the operating system

In the end, Canonical founder Mark Shuttleworth posted a very gracious article discussing the issue and, while praising the efforts of those involved in the upstart project, conceded defeat.  The post was titled 'Losing Graciously' and it was exactly that: someone who'd poured money, time, effort, and man hours, into a project that just didn't work out. It was a great show of class and what is possible within the community when people can step out of their personal camps and focus on what's best for the community.

Post has attachment
After denied rights to use "Another One Bites the Dust" for Rocky III, Sylvester Stallone hired Survivor to write an original song instead, which turned out to be "Eye Of The Tiger".

This year marks the 30th anniversary of “Eye of The Tiger." What’s the origin of that song?

I came home from shopping one day and heard a message on the answering machine from Sylvester Stallone. At first, I thought it was a joke, but I called the number and sure enough, Stallone answered. He told me that he loved the band and had heard “Poor Man’s Son” and “Take You On A Saturday” from our Premonition album and wanted that same kind of “street” sound for his new movie, Rocky III.

He sent us a video montage of the movie and Frankie (Sullivan) and I watched it together. There were scenes of Rocky getting a little “soft” (doing the Visa card commercials) and Mr. T “rising up” with his Mohawk. It was electric. The temp music they used to accompany the montage was “Another One Bites The Dust” by Queen. I remember asking Stallone why he just didn’t use that song for the movie and he said it was because they couldn’t get the publishing rights for it. At that point I just said, “Thank you, Queen!” [laughs]

I had my Les Paul and a small amp that we had set up in the kitchen. I turned down the sound and just started playing the little intro [mimics the intro], just feeling that pulse. Then I added to it when I saw the punches being thrown, trying to score the chords in time with the punches. We couldn’t get any farther because we didn’t have the whole movie.

Fortunately, we were able to get a copy of the finished movie with the promise that we’d send it right back the next day. At that point, we had become totally enamored in the movie and when I heard that phrase: “Hey Rocky, you’re losing the eye of the tiger” I remember turning to Frankie and saying, “Well, there’s the name of our song!” Once we had the title, the challenge became telling the story.

Four days later we gathered the troops, went into the Chicago Recording Company and recorded it. Frankie and I both wanted that big John Bonham type of drum sound and I’ll never forget the feeling and the way our drummer, Marc Droubay, captured it. As soon as he hit that beat I said, “Oh shit, this is going to be HUGE!” And there was the sound of Survivor. It was just magic!

What’s your greatest memory of your days with Survivor?

Some of the more subtle moments are my favorites. When “Eye of the Tiger” was first starting to zoom up the charts, we were out on the road with REO Speedwagon. I remember it was late in the afternoon and I went into a restaurant to get something to eat. While I was there, somebody played "Eye Of The Tiger" on the jukebox. There was a little girl there with her family. She must have been around 4 years old or so. When the song started playing, she immediately got up from her family, started spinning around and said, “Mommy! Daddy! That’s MY song! They’re playing MY song! Out of the mouth of babes. You can’t fool them and you can’t hide from them. They either love it or they don’t, and they loved it.

So that's really cool ... Managing teams is an art form, managing virtual teams is that much more of a craft (i suppose). IBM went about and interviewed successful guild leaders in World of Warcraft (WoW) to understand and build some manner of comprehension on how they effectively managed virtual teams! #ibmconnect #gamification

Post has attachment
Turns out electric cars are quite old! In the case of  Porsche 116 years old. 

The automaker has recovered the P1, an electric car that Ferdinand Porsche built while working for a carriage maker in 1898; it was also the first car he ever built. 

A wooden frame, 3HP motor and 50-mile range and but it was fast enough to win an all-electric race in 1899. Porsche raced his car in 1899 in a 24-mile, all-electric competition and crossed the finish line with three passengers 18 minutes ahead of his nearest competitor.

That's right! An all electric race ... in 1899

The young engineer built a total of four of these Egger-Lohner electric vehicles, according to the brand that bears his name today. The rest are unaccounted for. This version was parked in a warehouse in 1902 and has sat there untouched ever since. It will now become a permanent part of the Porsche display at its museum.

Post has attachment
Oh #Lorde :)
You are too fanastical!

ah chocolate! The Hershey Company has signed an agreement to develop printable treats with 3D Systems, which announced its own chocolate-equipped printer at CES last week. That yet-to-be-released machine will fall under the ChefJet line, and also supports printing 3D objects with sugar.
Wait while more posts are being loaded