Wednesday, May 15, 2024

Preventing accidental large deletes.

Instructions for Developers on Using the safe_delete Stored Procedure

To enhance safety and auditability of delete operations within our databases, we have implemented a controlled deletion process using a stored procedure named safe_delete. This procedure relies on a temporary table (temp_delete_table) that lists complete records intended for deletion, not just their IDs. This approach helps prevent accidental deletions and provides a traceable audit log of delete actions.

Why We Are Doing This

  • Controlled Deletions: Centralizing delete operations through a stored procedure reduces the risk of erroneous or unauthorized deletions.
  • Auditability: Using a temporary table to store complete records before deletion allows for an in-depth review and verification process, enhancing our ability to confirm and audit delete operations accurately.
  • Security: Restricting direct delete permissions and channeling deletions through a specific procedure aligns with the principle of least privilege, reducing potential unauthorized data manipulations.

How We Are Doing This

The safe_delete stored procedure is designed to manage deletions securely and transparently:

DELIMITER $$
CREATE PROCEDURE safe_delete(IN table_name VARCHAR(255))
BEGIN
    -- Quote the table name as an identifier so the argument can only ever
    -- name a table and cannot append further SQL to the statement.
    SET @s = CONCAT('DELETE FROM `', REPLACE(table_name, '`', '``'),
                    '` WHERE id IN (SELECT id FROM temp_delete_table)');
    PREPARE stmt FROM @s;
    EXECUTE stmt;
    DEALLOCATE PREPARE stmt;
    -- Note: The temporary table `temp_delete_table` is not dropped here to allow for auditing.
END$$
DELIMITER ;


Explanation of the Stored Procedure: The procedure constructs a SQL command as a string that deletes records from the specified table where their IDs match those listed in temp_delete_table. This dynamic SQL is prepared and executed within the procedure, ensuring that deletions are based strictly on verified IDs from the temporary table. By not dropping temp_delete_table immediately, we maintain an audit trail that allows developers and auditors to review which records were affected post-operation.

How to Use the safe_delete Functionality

  1. Prepare the Temporary Table: Start by creating and populating temp_delete_table with the complete records (not just their IDs) that you intend to delete.
    CREATE TEMPORARY TABLE IF NOT EXISTS temp_delete_table AS SELECT * FROM [target_table] WHERE [condition];
    An example condition is status = 'inactive', or any other logical condition that matches the records to be deleted.
  2. Verify the Contents of the Temporary Table: Before proceeding with the deletion, verify the contents of temp_delete_table to ensure it contains exactly the records you intend to delete.
    SELECT * FROM temp_delete_table;
    Thoroughly review the results. This step is critical to avoid the accidental deletion of unintended records.
  3. Execute the safe_delete Procedure: Once you confirm the temporary table contains the correct data, execute the stored procedure to perform the deletion.
    CALL safe_delete('target_table_name');
    Replace 'target_table_name' with the actual name of the table from which records are to be deleted.
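The three steps above, replayed as an added Python example that is not part of the original post: it runs the stage, review and delete workflow against an in-memory SQLite database (SQLite has no stored procedures, so safe_delete here is a function issuing the same DELETE), accepts only a plain identifier as the table name, refuses to delete when nothing was staged, and refuses a stage larger than an assumed max_rows limit, which is the accidental large delete the post is about. The sample users table and its rows are constructed for the example.

```python
import re
import sqlite3

# Only a plain identifier may be spliced into SQL text; every value is bound
# as a parameter. This is an assumed convention, not part of the original post.
_IDENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def _check_ident(name):
    if not _IDENT.match(name):
        raise ValueError(f"refusing to use table name {name!r}")
    return name


def stage_for_delete(conn, table, condition, params=()):
    """Step 1: copy the complete rows matching `condition` into
    temp_delete_table and return them so they can be reviewed (step 2)."""
    table = _check_ident(table)
    conn.execute("DROP TABLE IF EXISTS temp_delete_table")
    conn.execute(
        f'CREATE TEMPORARY TABLE temp_delete_table AS '
        f'SELECT * FROM "{table}" WHERE {condition}', params)
    return conn.execute("SELECT * FROM temp_delete_table").fetchall()


def safe_delete(conn, table, max_rows=100):
    """Step 3: delete only the ids listed in temp_delete_table.
    Refuses an empty stage (nothing was reviewed) and a stage larger than
    max_rows (an assumed guard against accidental large deletes).
    temp_delete_table is deliberately left in place for auditing."""
    table = _check_ident(table)
    staged = conn.execute("SELECT COUNT(*) FROM temp_delete_table").fetchone()[0]
    if staged == 0:
        raise RuntimeError("temp_delete_table is empty; stage rows first")
    if staged > max_rows:
        raise RuntimeError(f"{staged} rows staged, limit is {max_rows}")
    with conn:  # one transaction: every staged row goes, or none does
        cur = conn.execute(
            f'DELETE FROM "{table}" WHERE id IN (SELECT id FROM temp_delete_table)')
    return cur.rowcount


def demo(max_rows=100):
    """Constructed sample data: four users, two of them inactive."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, status TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        (1, "alice", "active"), (2, "bob", "inactive"),
        (3, "carol", "active"), (4, "dave", "inactive")])
    conn.commit()
    staged = stage_for_delete(conn, "users", "status = ?", ("inactive",))
    deleted = safe_delete(conn, "users", max_rows=max_rows)
    remaining = [r[0] for r in conn.execute("SELECT id FROM users ORDER BY id")]
    audit = [r[0] for r in conn.execute("SELECT id FROM temp_delete_table ORDER BY id")]
    return staged, deleted, remaining, audit


if __name__ == "__main__":
    print(demo())
```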

Importance of Not Immediately Deleting the Temporary Table

Keeping the temporary table after the delete operation allows for immediate and subsequent reviews. This is crucial if issues arise or if detailed audits are needed. Temporary tables exist only during the database session. They are automatically dropped when the session ends, typically removing the need for manual cleanup. Maintaining the temporary table post-operation ensures that detailed data is available for auditing and validating the deletion process.

Best Practices and Reminders

  • Session Management: Remember that losing the database session will drop the temporary table. Plan your deletions and reviews accordingly.
  • Security Practices: Always use the safe_delete process for deletions to ensure compliance with our data handling and security policies.
  • Documentation: Always document the reasoning and specifics of the deletion operation, maintaining clear records for operational and audit purposes.

Thursday, February 29, 2024

Parking at the Baltimore Greyhound

There is no overnight parking at the Baltimore Greyhound station, but 200 yards away is the Horseshoe casino, which has $5 a day parking, free for Caesars Rewards members. The free parking is fine, but the Rewards parking is monitored.


You can get a rewards card for free in the casino, or at any other Caesars casino.  Mine is from Vegas.

Monday, October 30, 2023

It's always ok to negotiate.

When I was a kid we went to Congregation B'nai Israel in Galveston, Texas. You wouldn't think it, but Galveston has an old congregation by Texas standards and a beautiful Temple built by one of the great leaders in Texas Jewish history, Rabbi Henry Cohen.

Every year we would do the first Passover seder at the Temple with a hundred other people. It was wonderful to share this OLD tradition and hear from elders in the temple about their Passovers in the past.

But of course kids look forward to one thing more than anything else during Passover.

I remember Rabbi Stahl in 1974 standing in the center of the room, surrounded by the children, their eyes wide with anticipation. "Children, the afikomen you are about to search for is not just a piece of matzah. It represents a significant part of our Passover tradition. The seder, this special meal that tells our story of freedom, cannot continue without the return of the afikomen. It's a symbol of redemption and hope, reminding us of our journey from slavery to freedom. And just as our ancestors awaited their liberation, we too await the return of the afikomen to complete our seder. So, search with enthusiasm, joy, and understanding of its importance. May the one who finds it be blessed with the wisdom of our tradition and the joy of uniting us all once again in our celebration.

"The afikomen is hidden either in the music room, the library or my office. Please be very careful as you look to leave the room exactly as you found it. Whoever brings back the afikomen will, in addition to our thanks, be given ONE DOLLAR. Now GO!!"

All the kids raced out in every direction. I was six at the time and my brother was four, and though my mother told me to look out for him, he was too slow and I left him behind. I raced through the music room and took a quick look, but found nothing. I went to the library but there were too many people there and too many books. In the rabbi's office there was nothing. I ran back to the music room just in time to see my brother, who was too slow to keep up, look UNDER the piano bench, where the afikomen was taped. He pulled it out, and I may have tried to persuade him to give it to me to take back, but he was cunning, even then.

We walked back into the giant dining hall where all the adults were still seated and chatting and I yelled "JEREMY FOUND THE AFIKOMEN!!!" 

People started clapping and the Rabbi said "Bring it on up Jeremy, and claim your one dollar prize! We can't restart the seder until you do!"

As my brother approached the center table, the grizzled hand of one of the temple elders, Sly Ehrlich, reached out and grabbed him - the bony fingers and numerical tattoo on his outstretched arm are a memory burned into my mind. He pulled my brother in and said "They can't restart the Seder without it? Kid! You're Jewish! Don't take the first offer! I've got another dollar right here for you to return the afikomen. Will anyone else match it?"

In the end Jeremy got $12, of which my mother made him put $2 in the Tzedakah box, and everyone learned a valuable lesson about not taking the first offer.

Wednesday, September 27, 2023

Star Wars Theory: An Unintentional Force Bond - Did Padmé Truly Love Anakin?

Throughout the Star Wars saga, the Force manifests in various mysterious ways. It guides, it connects, and sometimes, it influences. One of the most controversial and debated relationships in the series is that of Anakin Skywalker and Padmé Amidala. Their love story seemed rushed and, to many fans, somewhat inauthentic. Was it truly love or was there an unseen Force at play?

Unintended Influence and Late Training

Anakin Skywalker was discovered by Qui-Gon Jinn at a much older age than most Jedi initiates. As a result, Anakin began his training with a raw, uncontrolled connection to the Force. Unlike his peers, who were trained from infancy to hone and control their abilities, Anakin had unknowingly relied on the Force in various aspects of his life, sometimes not for the better.

It is entirely plausible that his strong and uncontrolled emotions towards Padmé inadvertently created a Force bond. This bond may have made her feel a deeper connection to him than she otherwise would have. While it's clear that Padmé cared for Anakin, the true depth and nature of her love could have been unconsciously swayed by Anakin's latent and unintentional Force manipulations.

Awkward Intimacy

Many fans have commented on the seemingly awkward romantic scenes between Anakin and Padmé. What if this awkwardness wasn't just a filmmaking choice, but rather a portrayal of a relationship influenced by a force (no pun intended) neither party fully understood? Their interactions might have felt 'off' because, at some level, they were. Anakin's untrained power could have been unintentionally nudging Padmé's feelings, making them more intense than they would have been organically.

The Crushing Realization

In "Revenge of the Sith," as Anakin's visions of Padmé's death become more vivid, his desperation to save her grows. What if this desperation was not only fueled by his love for her, but by the dawning realization that he had unintentionally used the Force on the woman he loved?

When Palpatine seduces Anakin with the promise of the power to prevent death, it isn't just the allure of saving Padmé's life that tempts him. It's the hope for redemption — a chance to make right the wrong he had unknowingly committed by influencing her feelings. When faced with this internal conflict, Anakin's transformation into Darth Vader becomes not just about power or fear of loss, but also about self-loathing.

In this light, Darth Vader's journey is even more tragic. The dark path he chose was not only driven by external factors and manipulations, but by the internal agony of realizing he might have unknowingly robbed the love of his life of her agency. By becoming Vader, he embraces the monster he believes he has become, further isolating himself from any chance of redemption or genuine love.

While this is just a theory, it adds a layer of depth and tragedy to Anakin's character and makes his descent into darkness even more profound.


Friday, August 04, 2023

White Paper: Secure Multi-Vendor Supertoken Authentication

Abstract

This white paper proposes a novel "supertoken" authentication system that incorporates multi-vendor verification. The supertoken system allows users to authenticate with multiple authorities, and then utilize this supertoken to verify their identity across various web platforms. This enhances security measures and mitigates the risk of a single password compromise or impersonation, by leveraging multi-vendor checks for user validation.

1. Introduction

As the digital landscape continues to expand and evolve, the need for robust and secure authentication mechanisms has never been greater. Traditionally, users log in to each platform separately, exposing them to multiple points of vulnerability. A breach in any single platform could potentially lead to unauthorized access to users' data. Our supertoken system addresses this challenge by introducing multi-vendor authentication, creating a unified and secured method of user verification.

2. Multi-Vendor Authentication

Upon initiation of an internet session, a user authenticates with five different authorities. Each authority verifies the user's credentials and provides a token. These tokens are used to create a unified "supertoken" which encapsulates the user's verified status across all participating authorities. This supertoken can then be presented to any website the user visits subsequently.

3. Supertoken Usage and Validation

Websites requiring user authentication can use this supertoken in addition to their own authentication methods. By validating the supertoken, websites can ensure the user's authenticity across multiple authority platforms, thus adding another layer of security. The validation process includes decoding the supertoken, verifying signatures and checking validity with each of the original five authorities.

4. Enhanced Security

This approach presents several benefits. First, by dividing the authentication responsibility among multiple authorities, we mitigate the risk of a single point of failure. A compromised password at one authority would not allow access without the valid supertoken from all authorities. Second, the supertoken system reduces the chances of successful impersonation. Since the supertoken requires validation from multiple authorities, faking authentication would require breaching all authorities simultaneously, a significantly more challenging feat.
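Sections 2 through 4 in working form, as an added Python example that is not part of the white paper: five constructed authorities each issue a signed token for the same user, the tokens are bundled into a supertoken, and the website-side check returns only a yes/no answer, failing when any one authority's token is missing, tampered with or expired. The paper does not fix a signature scheme or the online check with each authority, so the example assumes an HMAC per authority over a canonical JSON payload, verified offline with a key the validator holds for that authority.

```python
import hashlib
import hmac
import json

# Assumed encoding: each authority signs a small JSON payload with an HMAC key
# that only it and the validating site hold. The paper does not specify this.
def _canon(payload):
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def issue_token(issuer, key, user_id, now, ttl=3600):
    """One authority's token: who issued it, for whom, until when, and a signature."""
    payload = {"iss": issuer, "sub": user_id, "exp": now + ttl}
    sig = hmac.new(key, _canon(payload), hashlib.sha256).hexdigest()
    return {**payload, "sig": sig}


def build_supertoken(tokens):
    """Bundle the per-authority tokens; they must all vouch for the same user."""
    subjects = {t["sub"] for t in tokens}
    if len(subjects) != 1:
        raise ValueError("tokens do not agree on the subject")
    return {"sub": subjects.pop(), "tokens": list(tokens)}


def _token_ok(token, key, now):
    if token["exp"] <= now:
        return False
    body = {k: v for k, v in token.items() if k != "sig"}
    expected = hmac.new(key, _canon(body), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, token["sig"])


def validate_supertoken(supertoken, keys, required, now):
    """Website-side check. Returns only True or False: every required authority
    must be present and its token must verify for the supertoken's subject, so
    a break at one authority alone is not enough to pass."""
    by_issuer = {t["iss"]: t for t in supertoken["tokens"]}
    for issuer in required:
        token = by_issuer.get(issuer)
        if token is None or token["sub"] != supertoken["sub"]:
            return False
        if issuer not in keys or not _token_ok(token, keys[issuer], now):
            return False
    return True


def demo(now=1_700_000_000):
    """Constructed scenario: five authorities with constructed keys."""
    keys = {f"authority-{i}": f"constructed-key-{i}".encode() for i in range(1, 6)}
    required = list(keys)
    tokens = [issue_token(iss, k, "user-42", now) for iss, k in keys.items()]
    st = build_supertoken(tokens)
    good = validate_supertoken(st, keys, required, now)
    partial = build_supertoken(tokens[:4])            # one authority missing
    missing = validate_supertoken(partial, keys, required, now)
    forged = build_supertoken([dict(t, sub="user-99") for t in tokens])
    tampered = validate_supertoken(forged, keys, required, now)
    stale = validate_supertoken(st, keys, required, now + 7200)
    return good, missing, tampered, stale


if __name__ == "__main__":
    print(demo())
```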

5. Privacy Considerations

The supertoken does not compromise user privacy. The data shared with each authority is limited to what's necessary for authentication. Furthermore, when a website validates a supertoken, it only receives a confirmation of validity, not the specific details of the user's credentials with each authority.

6. Conclusion

The proposed supertoken system offers a new standard for user authentication, significantly bolstering security across multiple platforms while maintaining user privacy. Its implementation can strengthen trust in digital transactions and reduce the risk of data breaches and impersonation attempts.


7. Future Work

The development of the supertoken system is only the beginning. As we move forward, we'll explore potential partnerships with various authorities and platforms, enhancing interoperability and further strengthening online security. We also plan to review the potential for further privacy enhancements and the feasibility of integrating two-factor or multi-factor authentication methods into the supertoken system.

8. Call to Action

As we strive to build a more secure and trustworthy digital landscape, we encourage platforms, authorities, and developers to embrace this new paradigm. Together, we can redefine user authentication for the modern web and protect users' digital identities in this rapidly evolving digital era.

______________________________
This supertoken system concept is open to the public and available for use, distribution, and modification under the terms of the MIT License. We invite and encourage developers, tech enthusiasts, and all interested parties to leverage this idea to foster a safer digital landscape. The MIT License ensures that this concept remains free for all, allowing for extensive collaboration, innovation, and widespread adoption in various digital environments. Our hope is that this idea will catalyze advancements in digital security, offering robust user authentication for an increasingly interconnected world.


Monday, May 22, 2023

Shield Your Wallet: The Importance of RFID Blocking Cards in Preventing Remote Skimming


tl;dr: Buy this for $10, protect 4 wallets.

RFID Blocking Wallet Inserts


In our increasingly connected world, technological advancements have revolutionized the way we carry out daily tasks. From contactless payments to smart transportation systems, convenience has become paramount. However, as we embrace these innovations, we must also remain vigilant about the potential risks they may pose. One such risk is remote skimming, a threat that can compromise the security of our financial information. Thankfully, there is a simple and effective solution at hand: RFID blocking cards. In this blog post, we'll delve into the world of remote skimming, exploring why you should consider adding an RFID blocking card to your wallet for enhanced protection.

Understanding Remote Skimming:

Remote skimming, also known as RFID skimming, is a technique employed by malicious individuals to steal sensitive data from RFID-enabled cards without direct physical contact. RFID (Radio Frequency Identification) technology utilizes radio waves to transmit information wirelessly, allowing for seamless communication between devices. While this technology brings convenience and efficiency to our lives, it also introduces vulnerabilities that can be exploited by cybercriminals.

How Remote Skimming Works:

Remote skimming operates by utilizing a concealed RFID reader, which captures the data transmitted by RFID-enabled cards. These readers are capable of scanning cards from a short distance, typically a few feet or meters, without the cardholder even realizing it. Criminals can employ this technique in crowded places, such as public transport hubs, cafes, or shopping malls, where they can inconspicuously skim data from unsuspecting individuals.

The Risk to Your Financial Security:

The information compromised through remote skimming includes credit card details, debit card numbers, expiration dates, and in some cases, even personal identification information. Armed with this data, criminals can clone cards or engage in fraudulent transactions, potentially causing significant financial loss and wreaking havoc on your credit history. Given the prevalence of RFID-enabled cards, it is vital to take proactive measures to protect ourselves from these evolving threats.

Enter RFID Blocking Cards:

RFID blocking cards provide a simple yet effective solution to counter the risk of remote skimming. These small, slim cards are designed to fit seamlessly into your wallet alongside your existing cards. They work by creating an electromagnetic shield that blocks the radio waves emitted by RFID readers, effectively rendering your cards invisible to potential skimmers. This protective barrier prevents unauthorized access to your card's sensitive data, safeguarding your financial security.

Advantages of RFID Blocking Cards:

Enhanced Security: By employing an RFID blocking card, you can proactively shield your cards from remote skimming attempts. The secure barrier ensures that your financial information remains confidential and protected from unauthorized access.

Ease of Use: RFID blocking cards are incredibly user-friendly. You simply need to place one in your wallet alongside your RFID-enabled cards, and the protective shield becomes active. No additional steps or setup procedures are necessary, making it a hassle-free security measure.

Cost-Effective: RFID blocking cards are an affordable investment compared to potential financial losses resulting from unauthorized access to your cards. It is a small price to pay for the peace of mind and security it provides.

Compatibility: RFID blocking cards are compatible with all types of RFID-enabled cards, including credit cards, debit cards, access cards, and even passports. Therefore, you can protect multiple cards within your wallet using a single RFID blocking card.

Conclusion:

In an era where technology is an integral part of our lives, it is crucial to prioritize the security of our personal and financial information. Remote skimming poses a tangible risk that can compromise our financial well-being. By incorporating an RFID blocking card into our wallets, we fortify our defenses against this threat, ensuring that our sensitive data remains confidential and secure. Investing in an RFID blocking card is a small step that can make a significant difference in safeguarding your financial security and granting you peace of mind in our increasingly connected world.



Tuesday, May 09, 2023

The Best Deal in Non-Profit Banking


One of the big hassles in starting a non-profit is the pain in the ass of setting up a bank account.  Most of the big players have high fees. In my last nonprofit we were constantly being hamstrung by Truist, who is among the worst banks in the world, at least for nonprofits.  I'm not kidding when I say I had to go into their physical office over 8 times.

So this time I recently opened a Business Advantage Fundamentals account with Bank of America for my new non-profit Let.Live. BoA is a giant multinational bank -- but that has some good and bad associated with it. Some of the best things about a giant bank are excellent security, stability and services. BofA isn't going to do a First Republic on you. The bad things about BofA

And because they are really a big bank, they know how to do everything WELL. I never had to go into an office -- we did everything over the phone. Contrast that to Truist where I had to be physically in a branch in Virginia at the EXACT same time my partner was in a bank branch in Houston.  I could not believe that was happening in 2021.

You CAN open a BofA account online, but I'd recommend calling if you're a nonprofit because there's a part where they have to look up your business status with the Secretary of State, and I had to help them find my business. Once that was done it was clear sailing. The whole thing took 30 minutes. Oh, and if you're doing it over the phone, you need to fund the account with a debit card.

The downside of all those services is that there is a hefty fee: BofA charges $16/month for their banking services for the CHEAP account, which is what I got. However, you have no monthly fee if your balance is over $5k OR if you have $250 in transactions on your bank's debit card.

Here's where we get clever.  There's a new donation portal called Zeffy.  They charge nothing.  If someone donates $250 to you, you get $250.  That's huge to begin with.  But now, pair it with your BofA account.  Sign up with your debit card for a $250/month donation.  Now, you have a zero fee bank account, and a zero fee donation processor.  You just have to make sure you keep $250 in your bank account.

If you don't like Zeffy, you can use Donately or Stripe or whatever for your main donation page.