The Shoes of the Fisherman's Wife Are Some Jive-Ass Slippers

tpot (at) frungy . org


Fri, 27 Feb 2004

On Barn Doors

Tom Van Vleck, in a recent Risks posting, makes the following observation about non-executable stacks:

Closing one open barn door is good, but it needs to be complemented by a systematic approach to enumeration of openings, and a method of closing the openings by architectural design that applies to all openings.

posted at: 10:51 | path: | permanent link to this entry

Thu, 26 Feb 2004

Windows Debugging

From Slashdot:

Windows Debugging Steps:

1) Re-boot.
2) Re-install.
3) Re-format, Re-boot, Re-install.
4) Re-peat

posted at: 10:11 | path: /humour | permanent link to this entry

Sharecropping

I first saw this word when reading Fast Food Nation referring to potato and beef farmers who are basically just contractors managing someone else's land.

Tim Bray has a nice piece on sharecropping as it applies to software development on proprietary platforms.

posted at: 10:10 | path: /computers/microsoft | permanent link to this entry

Wed, 18 Feb 2004

Let's all band together to sweep the problem under the rug instead of actually fixing it

From the Politech list:

Subject: Yet another Microsoft Security Flaw

[...]

I am also asking that those of you who have blogs and newsletters and high traffic web sites post this warning on your front page and include it in your newsletters. The best defense to this virus is to stop it before it begins. As you all know - this virus will affect non-Windows users in that the new viruses turn Windows computers into spam robots and we are still getting the bounce messages from the last virus. Let's see if we can stop this before it starts by first - patch your computer now - then - tell everyone to patch theirs. You can cut and paste this warning into your blog or newsletter.

How about we don't do that. Perhaps more people will have an incentive to do something constructive about the virus problem instead of constantly patching.

posted at: 14:30 | path: /rants/microsoft | permanent link to this entry

Tue, 17 Feb 2004

American Political Blogs

I'm currently hooked on news about the lead-up to the U.S. presidential election. I guess it's because events in the US usually have major follow-on effects in Australia and the local newspapers don't give daily updates in as much detail as various bloggers.

Calpundit and Talking Points Memo are two blogs that I am currently reading. These guys seem very well informed and don't engage in pointless ideological ranting. It's always interesting reading in the blogosphere!

posted at: 18:33 | path: /blogs | permanent link to this entry

Sun, 15 Feb 2004

JOKE HAIKU ARE USED BY PSEUDO-INTELLECTUAL POSEURS TO IMBUE BANAL AND UNINSPIRED QUIPS WITH UNDESERVED CACHET

The Wikipedia entry for haiku eventually links to this nice little rant by Paul Henry calling for the complete elimination of joke haiku production on the internet.

[...] the vast majority of joke haiku posted to the Internet just aren't funny. Short enough to take the form of a simple sentence, the typical joke haiku is just that: a brief observational sentence about some random aspect of life. When shorn of its haiku form, its true banality emerges.

Consider the example I posted above:

Milk after five months
in my refrigerator
tastes just horrible.

This poem is easily the equal of any number of joke haiku posted or e-mailed anywhere on the Internet. Yet look at what happens when I remove the line breaks:

Milk after five months in my refrigerator tastes just horrible.

What once might have elicited satisfied chuckles from joke haiku aficionados becomes an excruciatingly average observation that illuminates nothing other than the author's slovenly approach to foodstuff maintenance. Of course, you don't have to take my word for it; try it on any joke haiku you encounter and see if it retains even a fraction of its whimsy.

I think he has a point, although Seinfeld managed to make many seasons of his comedy show about "nothing". Joke haikus seem very similar. My favourite entry from this year's contest is by John Cataldo:

perl perl perl perl perl
perl perl perl perl perl perl perl
perl perl perl perl perl

Paul also has an interesting term for the discussion of amusing values of the HTTP referrer: "refer madness". Heh.

posted at: 11:49 | path: /humour | permanent link to this entry

Thu, 12 Feb 2004

Google juice

The OSI Position Paper on the SCO-vs.-IBM Complaint is now the number 1 hit when searching for SCO on Google.

posted at: 11:12 | path: /internet | permanent link to this entry

Wed, 11 Feb 2004

Cool BIND hack

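The following named.conf snippet tells BIND to forward queries for a private network, *.test in the address block 10.0.0.0/8, to an internal nameserver. The first zone covers names under test and the second covers reverse lookups for 10.0.0.0/8: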

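// Forward all lookups under the private "test" domain to the internal nameserver.
zone "test" {
        type forward;
        forward only;           // use the forwarder only; no fallback to normal resolution
        forwarders {
                10.0.0.1;
        };
};

// Do the same for reverse (PTR) lookups of addresses in 10.0.0.0/8.
zone "10.in-addr.arpa" {
        type forward;
        forward only;
        forwarders {
                10.0.0.1;
        };
};

I wish more programs would use the BIND configuration file format. It's easy to read and parse, and you can nest configuration parameters, something that a lot of other configuration files can't do.

posted at: 15:41 | path: /internet | permanent link to this entry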

Best Anti-ASN.1 Rant Ever

From Slashdot:

This isn't the third DIFFERENT bug in ASN.1 discovered recently - this is the third set of applications using the SAME REFERENCE IMPLEMENTATION of ASN.1 that was discovered to be vulnerable once it was discovered that the reference implementation was buggy. SNMP and SSL got hit, then just recently H.323 got hit, and I don't know what Microsoft parts just got hit (but it wouldn't surprise me if it's Netmeeting and maybe IE.)

Why? Because ASN.1 is the Mos Eisley of bit-twiddly protocols, and "you'll never find a more wretched hive of scum and villainy." AFAIK, there's nothing insecure about the protocol itself, but it's so ugly that everybody tends to reuse the reference implementation rather than rewriting their own. While that has some good aspects to it, some of the original reference implementation code wasn't always careful about checking bounds, etc., and eventually the University of Oulu folks did a proper study and found the holes.

[...]

Bit-twiddly space-saving data formats are almost always a Bad Idea. As they say, people who play with the bits deserve to be bitten. ASN.1 problems make many applications hard to write and harder to debug, but in the Open Source world, PGP has gone through several iterations of security-critical bugs because they were trying to steal bits, plus backwards compatibility issues make stealth versions difficult. The theory is that it's somehow more "efficient" to save a few bits of data storage or data transmission time by using variable-length formats, trading off the space for more CPU time and program space. This isn't totally off the wall, given 20 years of Moore's Law (which seems to have improved CPU and RAM price/performance by 10**5 - 10**6, disk by about 10**5, but smaller bandwidths by only 10**3-10**4), but the cost in programmer time, debugging time, and bug impact has been immense.

posted at: 12:00 | path: /rants | permanent link to this entry
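
The missing bounds checks that the quoted post complains about, shown as an added example that is not from the post or from any real ASN.1 implementation: a C parser for one BER tag-and-length header that checks the variable-length length field against the buffer before trusting it. The names tlv_hdr and tlv_parse and the sample bytes are constructed for illustration, and only single-byte tags and definite lengths are handled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef struct {
    uint8_t tag;      /* single-byte identifier octet */
    size_t  hdr_len;  /* bytes consumed by tag + length field */
    size_t  val_len;  /* declared length of the value that follows */
} tlv_hdr;

enum { TLV_OK = 0, TLV_TRUNCATED = -1, TLV_UNSUPPORTED = -2, TLV_OVERRUN = -3 };

/* Parse one header from buf[0..n). Every read is preceded by a bounds check,
 * and the declared value length must fit in what is left of the buffer. */
int tlv_parse(const uint8_t *buf, size_t n, tlv_hdr *out)
{
    size_t pos = 0, len = 0;

    if (n < 2) return TLV_TRUNCATED;
    out->tag = buf[pos++];
    if ((out->tag & 0x1f) == 0x1f) return TLV_UNSUPPORTED;  /* multi-byte tag */
    uint8_t first = buf[pos++];
    if (first < 0x80) {
        len = first;                                  /* short form */
    } else {
        size_t k = first & 0x7f;                      /* long form: k length octets */
        if (k == 0) return TLV_UNSUPPORTED;           /* indefinite length */
        if (k > sizeof len) return TLV_UNSUPPORTED;   /* would overflow len */
        if (k > n - pos) return TLV_TRUNCATED;        /* length octets missing */
        while (k--) len = (len << 8) | buf[pos++];
    }
    /* Compare with the bytes remaining; pos + len could wrap around. */
    if (len > n - pos) return TLV_OVERRUN;

    out->hdr_len = pos;
    out->val_len = len;
    return TLV_OK;
}

int main(void)
{
    /* Constructed samples: a 3-byte OCTET STRING, and one claiming ~4 GiB. */
    const uint8_t good[] = {0x04, 0x03, 'a', 'b', 'c'};
    const uint8_t huge[] = {0x04, 0x84, 0xff, 0xff, 0xff, 0xff};
    tlv_hdr h;
    printf("good: %d\n", tlv_parse(good, sizeof good, &h));
    printf("huge: %d\n", tlv_parse(huge, sizeof huge, &h));
    return 0;
}
```

A caller that copies val_len bytes without the final comparison is exactly the kind of bug the post attributes to the reused reference code.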

Mon, 09 Feb 2004

Ha ha

alt.social.networking.orkut.orkut.orkut

posted at: 16:34 | path: /humour | permanent link to this entry

RPM trick of the day

This command displays the size, permissions and user/group owners for the files in an RPM:

rpm -qp --qf "[%{FILESIZES}\t%{FILEMODES:perms} %{FILEUSERNAME}\t%{FILEGROUPNAME}\t%{FILENAMES}\n]" filename.rpm

Unfortunately that's all a bit hard to type in on the command line. A --verbose option to one of the other query options would be nice but maybe that's optionitis.

posted at: 15:38 | path: /software | permanent link to this entry

ATTENTION SHOPPERS

From ScanAlert.com:

Is your credit card number exposed to hackers? ScanAlert's IsItSafe? service makes it easy to find out...

Is your site a safe place to shop? Can you prove it? ScanAlert can...

If you read the fine print it says that:

While ScanAlert makes reasonable efforts to assure its certification service is functioning properly, ScanAlert makes no warranty or claim of any kind, whatsoever, about the accuracy or usefulness of any information provided herein. By using this information you agree that ScanAlert shall be held harmless in any event.

While it does seem nice to have a service that checks for well-known web server vulnerabilities, which IsItSafe? seems to do, this does seem to be a good example of what Bruce Schneier calls window dressing security. "Can you prove it?" indeed.

(Oh and resizing the browser window to 570x650 whenever you visit a page on your website is pretty sucky).

posted at: 14:39 | path: /computers/security | permanent link to this entry

Sun, 08 Feb 2004

An intelligent slashdot post

The quality of posts at -1 has been pretty poor lately so I've been resorting to reading posts with positive moderation. This poster has an interesting remark about C# and .NET:

That C# takes ideas from java is irrelevant. .Net and C# exist for exactly one reason: Bill Gates wanted to stop Java. Bill likes to have control. He couldn't tolerate Java, because it didn't allow him to have control.

Maybe you like C#, maybe you don't. Maybe it's useful for your project, maybe it's not. Those are side issues -- its role as a tool is secondary.

DotNet performs the task for which it was designed very well. That task is, of course, to contain programming talent and effort within the Windows world. That DotNet is better than VB and Win32 is fundamentally a testament to how awful VB and Win32 are.

I'm not bagging C# or DotNet on their technical merits. They are not bad in that respect. But C# and DotNet's utility as development tools for Windows are only secondary to their utility as a means for maintaining Microsoft's control of the market.

C# and DotNet are beautiful Gates on the prison of the computing world.

posted at: 08:59 | path: /software | permanent link to this entry

Fri, 06 Feb 2004

Amusing Google Ads

The Washington Post is running a story on the Bush Administration's 2005 budget. Although the budget sounds like a bit of a joke in itself, the Google advertisements are even better. From the article:

"Imagine someone who's been piling on extra pounds at an alarming rate. Trimming his annual weight gain from 30 pounds this year to 15 pounds five years from now still leaves him fat -- and getting fatter. The goal shouldn't be to cut the deficit in half; it should be to remedy the gap between what the government is spending and what it is taking in."

Google brings up three ads:

  • How to gain weight - Weight gain program for skinny guys.
  • Gain weight fast - Pack on huge, hard muscle.
  • Ablaze health and beauty - Fast way to look your best.

The ads kind of detract from the invective but are strangely appropriate.

posted at: 16:04 | path: /humour | permanent link to this entry

Mon, 02 Feb 2004

Merging in Subversion

To merge changes from a location in the repository to a workarea, use the following command from within the workarea:

svn merge -r rev1:rev2 repository-uri

The argument to -r specifies the range of changes in the source branch to merge into the target. The repository-uri argument specifies the area of the repository to merge from, which is typically the trunk or an active branch.

When selecting revision numbers, the output of svn log is useful. If the target workarea was branched at revision 123, use -r 123:HEAD to merge all changes that have happened since the branch point. Unfortunately there doesn't seem to be a way to specify a tag that refers to the branch point. You must know the revision number.

I should read more of the Subversion book to discover some more hints and tips.

posted at: 13:12 | path: /software/subversion | permanent link to this entry