Month: January 2007

Security

Vista Speech Command exploitable

Talk about fast! George Ou at zdnet posted an article about this particular gem.

Essentially, a user with the Speech Command feature enabled can browse to a web page which starts a sound file (like just about every mySpace page) containing clearly recorded commands, and the Speech Command feature will execute those commands without any other user interaction. While not every command is enabled through Speech Command, George explains why you should disable Speech Command until there is a fix:

The fact that a website can play a moderate level sound file to
interact in a way with the desktop by activating an idle speech
command system and be able to delete user documents with zero user
interaction is serious by any stretch of the imagination.

Update: Microsoft has confirmed this exploit.

Technorati Tags: , ,

Read More

Alaska

Where to put the snow?


half_the_driveway_snow
Originally uploaded by Sjan.

With 2 more months left, and lots more snow to come (for sure) I am having a hard time figuring out where to put all the snow that I am shoveling out of the drive.

If it wasn’t for the way the snow compacts under it’s own weight that berm would probably be well over the roof now. And yes, we did just have our roof shoveled off two weeks ago, thanks.

Not that I’m a photographer by any stretch of the imagination, but I did put a few more shots from around the house up on flickr. I was thinking about maybe doing a sno-b-q (a winter barbecue) and even got as far as where the barbecue is, but then I realized the charcoal and tools are still waaaaay out there in the snow.


Linux

Cure for the External Drive Blues

I have been looking all over for a way to format an external drive so that I can use it under Linux, Windows and OS X. The reason for this is simple, I currently use Windows and Linux all the time, and I am planning on upgrading my rig to a MacBook Pro just as soon as I can. Since I expect to be running OS X, Windows and Linux I needed to find a format for my 300GB external drive that would work with all of them.

While FAT32 is an option, it has some serious limitations. Like a maximum file size of 1 byte less than 4 GB. That and the way that FAT32 partitions over 32 GB (while supported under Windows) tend to get a little, shall we say, flaky.

Before today what I had found was as follows:

OS File System Read Write
Windows XP Ext2 / Ext3 application no
HFS+ application no
NTFS native native
Linux Ext2 / Ext3 native native
HFS+ in kernel in kernel
NTFS in kernel no
OS X Ext2 / Ext3 no no
HFS+ native native
NTFS in kernel no

Note: native = default or standard in a “vanilla” install | in kernel = modules available for kernel insertion, although not default.

Well, that was before I found these today: kernel modules for both OS X and Windows for full read and write support of Ext2 / Ext3 file systems. I have installed Ext2 IFS for Windows and pounded on it already. It works (so far) like a charm. I don’t yet have a Mac to test the Mac OS X Ext2 Filesystem but I will do so as soon as I can. Assuming they are building this as a loadable module for the Darwin kernel (does the OS X Darwin kernel allow insmodding?) then it should be a snap. What surprised me is that the Ext2 IFS for Windows is an actual NT Kernel module, not an app or service. It’s actually kind of cool to see my Linux partitions show up under XP as lettered drives!

Internet

Why the Change

While it may seem abrupt, the switch to WordPress was by no means a quick and easy decision. Here’s a little background.

Here’s a little history:

  • I originally started on MoveableType, but couldn’t get it to run reliably in my test environment. So I figured I would go to a flat-file system.
  • Enter Blosxom: it ran very well in both my test and live environments, but I was left with a bit of a problem. I wanted to extend Blosxom and add functionality but am not well-versed enough in Perl to wrap my head around many of the available plugins. My biggest headache: getting trackback/writeback and RSS to work.
  • So I switched to PyBlosxom. Also flat-file, and very easy to move my old content from Blosxom, and with an immensely more understandable API.
  • After running PyBlosxom for a year I was still having problems with XML-RPC – I wanted to switch from my clunky PHP/TinyMCE editor for posting to using something like Performancing for Firefox (which I am using now) or Ecto. No luck. The response on the developers list was, well, listless at best.
  • When I finally got fed up with trying to make things work, and the (seeming) lack of active development, I realized that a blog that is (ostensibly) about “stuff that w0rks” should be running on “stuff that w0rks.”
  • I tried MoveableType again – still don’t like it, tried Serendipity, it didn’t feel right, and then finally broke down and tried WordPress. While the first couple days were no better than the first days on the others, it soon started to fall into place.
  • And that brings us here.

powered by performancing firefox

Read More

Best Practices

Disclosure of Website Vulnerabilities Illegal?

A discussion on earlier today brought up the question. It seems that Eric McCarty, a student at Purdue University in Dr. Pascal Meunier’s CS390 – Secure Computing, discovered, and reported, a flaw he found on the Physics department website. When that site was hacked two months later (most likely through a different flaw, since the one reported by McCarty was patched) law enforcement came looking for Mr. McCarty. In this particular case McCarty came forward, and was eventually cleared. However, it did change how Dr. Meunier teaches his class. He no longer recommends disclosure, but recommends that one eliminates all evidence of the discovery from their computer and say nothing.

I see this as a particularly disturbing direction in which to move.

Read More

Writings

Happy New Year

It is now 2007, soon to be the year of the pig (Feb 18), 1428 (as of Jan 19) in the Islamic calendar, 5768 (Apr 6) of the Hebrew calendar, and 1414 of the Hindu calendar (Apr 8 ).

Ok, so it’s really all just a bunch of arbitrarily assigned numbers used for keeping track of what day it is, how old we are, and when it is time to pay our water bill or taxes. Really, with the increase in international trade and the spread of the idea of a truly global economy, it seems to me that we should adopt a new calendar for official functions while leaving the old calendars alone for marking festivals and such.

My lowly proposal: a calendar based solely on a solar year of 365.2425 days, beginning at the start of the Unix “epoch” (1/1/1970) and continuing as follows:

A 7-day week seen as starting on Monday and ending on Sunday (c’mon – that’s how we do business, right?)

13 months of 28 days (4 weeks) – yes I know that’s only 364 days – keep reading:

A hollow-day (yes, as in empty) which falls between the end of one year and the start of the next – no need to make it a national holiday – since it is kind of a non-day and would not even fall within a normal week – just call it Hollowday.

A leap-day calculated as per the Gregorian – as an extra Hollowday.

Since this calendar does not take into consideration the moon phases and run the alternating 29-30 day cycle for months with all the contortionistic math required to make it work, this is not a lunisolar calendar, but is solar in the sense that the seasonal changes will always fall very close to the same day (no “seasonal creep”).

As far as naming the months go I leave that as an excercise for someone else, I am satisfied to simply refer to them as roman numerals. It would also mean you could write a date as Month-Week-Day like VIII-2-3 and know that it is referring to the second Wednesday in the eighth month. The long decimal form, of course, would be YYYY-MM-DD HH:mm:ss.ms.

I will name name the calendar though, and I think it should be a simple name – and keeping with the UTC model of time zones (where GMT = Z) I will call it the Z calendar.

Edit: I just realized – if we adopt this calendar right now we’ll be right on track – since the 2nd day of any month in the Z Calendar is a Tuesday!