2007 October | .:MattTopper.com:.

12Oct/072

GM Onstar Stolen Vehicle System – ARGH

As many of you know, I'm a car guy just as much as I am a technology guy. Back in 98 I had a full pc in my car playing Mp3s with a 20x2 LCD touch screen and I've already proven I ran replace my keys with RFID, so needless to say I love the convergence of technology and automobiles. But this one actually scares me. This week OnStar (the GM in vehicle cell service) announced that they've paired with law enforcement to slow down your vehicle if it's stolen or involved in a high speed chase.

http://jalopnik.com/cars/gadgets/onstar-unveils-new-stolen-vehicle-slowdown-system-308640.php

While initially it sounds cool and helps to ensure your car doesn't end up upside down or in a guard rail during a chase, what worries me is the system itself. Every OnStar vehicle is essentially equipped with a cell phone that has access to the onboard ECM, PCM, etc. The last gen GM vehicles were supposed to be highly secured so that no one except GM could tune them. Well the codes were cracked within a couple months and the aftermarket tuners are off and running. I can just envision this system being cracked and having thousands of GM vehicles disabled on our freeways during rush hour. I'm sure OnStar has spent millions on their design to make sure this doesn't happen, but as we know, don't tell a geek he can't do something because he'll throw your millions in code out the window with a simple embarrassing back door.

If anyone at GM is listening I'd be more than happy spending a weekend looking through the code making sure there aren't any issues

Filed under: Auto Industry, General, Technology 2 Comments

7Oct/071

Twitter Tracking

A little while ago (ok about 2 weeks) Twitter released a new feature that lets you track "concepts." The idea is that you can track anytime anyone, not just the people you follow, mentions a word or series of words. That way if you want to see anytime anyone posts something with the word "Oracle" in it or "Matt Topper" you will immediately get an update. While that's cool, what more interests me is the model they are implementing it with. I'd really like to see the event model and code they are using to filter every post that is made. Holy overhead batman!! Anyways, if you want to start tracking stuff, all you need to do is text your Twitter number with the message "Track <topic here>" i.e. "Track Oracle". You can see their blog post here: http://twitter.com/blog/2007/09/tracking-twitter.html and if you want to track me I'm over there at http://twitter.com/topperge

OK, back to my install fest weekend. (and playing with RFID on the side)

Filed under: Oracle, Technology 1 Comment

6Oct/072

Oracle Adaptive Access Manager : Day X : Suspended…

Well, I spent a good amount of time last night installing and configuring the OAAM software, getting it up and running, configuring the data sources, etc. and came to the point where you have log in. Hmm...well...the docs don't have a default user name and password to use after the install. So being Oracle we all know where the default user name is at least stored, in the database somewhere right? Wrong, all the user tables were empty for the product. So at this point I'm stuck, I've got an SR open, but being such a new product I doubt that will get me far. I've also got a couple emails into people I know internally at Oracle so hopefully Monday I'll get some updates. In the meantime I'm going to work on some slides for my upcoming Oracle World presentations and finish up some virtual machines and get them uploaded to the OracleVMs.com site. S3 has turned out to be a pain to get everything working, but I'm close, hopefully I'll have a release by the end of the weekend.

Filed under: Oracle, Oracle Adaptive Access Manger (OAAM), Oracle Identity Manager, Technology 2 Comments

5Oct/072

Oracle Adaptive Access Manager : Day 1 : The Database Config and Install

Lets start with a little overview of the OAAM Architecture. The software is made up of two components:

OASA - Oracle Adaptive Strong Authenticator
OARM - Oracle Adaptive Risk Manager

The OASA component is provides numerous means to protect from phishing, pharming, trojan, and keylogging attacks. The different authentication options are interesting and well designed to protect an organization. The OARM component tracks user usage patterns to help prevent fraud detection. It uses such things as your user name, known computer attributes, known locations you access the system from, etc. to build a comprehensive profile about you. It also allows organizations to monitor in real time what users are accessing their systems and either automatically or manually (through an operator) force a user to perform a secondary level of authentication to prove they are the actual person at the computer. The Risk Manager creates a virtual fingerprint of your users through a combination of IP addresses, geo location, city, state, country information, connection type, connection speed, routes, isp flag, ASN, carrier, top level domain, registering organization, hostnames, routers, and how quickly you navigate pages. You never realized there was so much stuff people could track you by and you don't really have an option of controlling it.

OAAM is deployed just like any standard J2EE application. It's packaged as a set of jar files, some static images, and database scripts with property files to link it all together. Nothing here that I haven't done a million times before. So lets start at the bottom and work our way up. I started with a standard Oracle 10.1.4 OID /SSO deployment and 10.1.3 OC4J/OHS install. So onto the database.

The database much be of version 9.2.0.4 or higher, honestly, if you're deploying a new software architecture and still using 9.2.0.4 database to store your data give me a call and I'd love to discuss the business reasons for sticking with that. Lucky for me, the basic OID install uses a 10.1.0.5 database so I'm ready.

The first step is to validate the database parameters so that they match the minimum requirements for the install. We first must get access to the pile so we can change it into an spfile to open the database. So first we log into the database as sys.

After we log into the database, create a pfile from the database parameters, after the pfile is created you need to then edit the init<sid>.ora file you've created. To do this we set our ORACLE_HOME, ORACLE_SID, and PATH.

$> export ORACLE_HOME=/software/oracle/oaam_oid_1014
$> export ORACLE_SID=oaamoid
$> export PATH=$ORACLE_HOME/bin:$PATH
$> sqlplus /nolog
sql> connect /as sysdba
sql> create pfile = 'initoaamoid.ora' from spfile;
sql> quit;
$> vi $ORACLE_HOME/dbs/initoaamoid.ora

Within the pfile you need to set the minimums for the following settings:

*.db_writer_processes=4
*.fast_start_mttr_target=300
*._hash_join_enabled=TRUE
*.open_cursors=2000
*.pga_aggregate_target=512M
*.processes=500
*.query_rewrite_enabled='FALSE'
*.sessions=500
*.shared_pool_size=500M
*.star_transformation_enabled='FALSE'
*.timed_statistics=TRUE
*.undo_management='AUTO'
*.undo_retention='3600'
*.session_cached_cursors=500
*.commit_write='BATCH,NOWAIT'

One thing to note, commit_write is not a 10g R1 parameter, it was introduced in 10gR2, so the instructions are a bit off, but not hard to get around, just don't put it in the end of your pfile. Write out your pfile to the OS and finally we log back into the database, create the spfile from the pfile and start the database.

$> sqlplus /nolog
sql> connect /as sysdba
sql> create spfile = 'spfileoaamoid.ora' from pfile;
sql> startup
sql> quit

Once the database is started we then have to load all of the data that allows the components to run. To do this we log back into the database and then execute the db_setup.sql script.

$> sqlplus system/<oraclevms>
sql> @/software/source/oracle/AdaptiveAccessManager10g/oracle_fa_database/db_setup.sql;

The script asks you to enter the location where you want to put the two new tablespaces the application creates, the name of the user you want to use, and the password, then halfway through the script it asks you the name of your temp tablespace (TEMP). Once the script started executing it creates the actual tablespaces, database user, database objects, loads the initial data, and then the location database (for the ip address locations).

Alright, that was stupid simple, the database is done, stay tuned for the software deployment. I apologize for no pictures on this one, I was using a different machine than the one I normally do and my copy of SnagIt was setup to only snap one screen shot and overwrite it each time. I promise the rest of the install log will have pictures to go along. Thats all for now, check back in a few hours (maybe 24) for the java application deployment instructions.

Filed under: Identity Management, Oracle, Oracle Adaptive Access Manger (OAAM), Technology 2 Comments

5Oct/073

The Road to Oracle Adaptive Access Manager : Day 1

As a lot of people know, much of my last year has been spending time away from my portal / BI beginnings and spending more time in the Identity Management space. This year at Oracle World, I'll be presenting on one of Oracle's new IdM products Oracle Adaptive Access Manager (OAAM). This product was an acquisition from an Indian company by the name of Bharosa, the Hindi word for trust. It really is a nice product, providing real time risk assessment for every user of your system, and provides authentication mechanisms, as strong as, or stronger than those expensive tokens everyone has. I think I'd got over a dozen at home from various clients who gave me one "just in case." Those little buggers aren't cheap. Anyways, over the next few days I'll be digging into the new product. Going through the installation and configuration, running it against different applications and profiles and reporting back on what I find.

I really do like this product and its simplicity of deployment. Its nice to find something "simple" in the Oracle stack(s) to play with. Stay tuned.

Filed under: Identity Management, Oracle, Oracle Adaptive Access Manger (OAAM) 3 Comments