Author: sjan

OS

VMWare Fusion for Mac Released

VMWare have finally released Fusion, their virtualization product for Mac. Fusion allows creating virtual machines running one of 60 different operating systems. In addition, their “Unity” feature seems to act the same as “Coherence” from Parallels, allowing Windows apps to be started from the dock and run without the OS window behind them. Seeing how they haven’t said the same for any other OS, however, I would have to guess that it is just like Coherence, in that it only works with a Windows guest.

The question this leaves me with, however, is still: will we see a VMWare release that will allow an OS X guest on another system?


G33K

SysAdmin Day

It’s SysAdmin Day. So, does that mean I get some time off? Or a card? Oh, wait, I have a server to rebuild. Never mind.

Development

New Class of Exploits: Dangling Pointers

While dangling pointers are a common coding error (especially in C++), there has previously been no known way to exploit them. In fact, they were generally considered a quality control issue rather than a security issue. That is all set to change. According to an article today from SearchSecurity, Jonathan Afek and Adi Sharabani of Watchfire Inc. have uncovered a way to exploit generic dangling pointers to run shell code on a server in much the same fashion as buffer overflows. According to Danny Allen (also of Watchfire), this technique can be used on any application with dangling pointers.

Afek will be giving a presentation on the technique in August at the Black Hat Briefings in Las Vegas.


Music

Louder is not better

Issue 1: I have noticed that the CDs in my collection which are older (late 80’s to mid 90’s or so) sound a whole lot better than those recorded more recently.

Issue 2: Popping in an older CD after playing a more recently released one required turning the volume up. Never mind the deafening blast that results when going from playing an older CD to a newer one without adjusting the volume first.

If I had bothered to really think about it I would have realized that these are actually two effects of the same cause. For an explanation, this YouTube video has a clear audio and visual representation of what is happening in the world of music production today. Producers are turning up the volume on tracks to get the loudest sounds possible, but at the expense of the dynamic qualities of the music.


Community

Live on (yet) another social site

Yes, it’s true, I finally broke down and signed up on MySpace. Truth be told, I have had a rather private account on there for a while now, but never set up anything in the profile – mainly to allow me to visit band sites of some of my favorite Nerdcore artists. Since my wife has been using it for a while, as well as several friends from Washington state I thought I’d go ahead and dive in as well. So you can find me there too, at www.myspace.com/evardsson.

I also set up a site for 2DL at www.myspace.com/2dlmusic (the 2dl url was taken)

Now I guess, I should think about doing something with my Facebook account. Ok – never mind, I did it, it’s here.

So, how does one keep up with all of these? Well, for one, I found a nifty thing to update my MySpace blog when I update this blog. Now if I can get the Feed Invasion app to work on Facebook it will show up there as well. Haven’t I done enough damage for one day?

Writings

The Error of Techno-centricity

While we (as a society) are seemingly making progress in getting over especially European-biased ethno-centric views, it seems that there is an area where we are still falling behind in understanding our own past. The popular image of people in ancient ages as unwashed, ignorant masses ruled by superstition has, for the most part, as much validity as the same image as it has been applied in past years to non-European peoples. Just because a people lived in a time before the invention of technology X we seem to feel that anything monumental they accomplished was done through the use of thousands of slaves employed in brute-force labor.

So it may come to many as a surprise that something as massive as Stonehenge could have been built with a much smaller number of individuals than previously thought, and that stones as large 22,000 have been moved, and raised, by one man using nothing more than rope, stones, wood and, of course, physics.


So, is it our ill-conceived idea that the ancients didn’t have rope, stones and wood, or that they somehow were incapable of observing the physics of the world in which they lived? It sometimes seems as though there is an idea that before Newton physics didn’t even exist, or no one had the intelligence to figure out the influence of gravity. Not having a name or a formal set of mathematical figures for a thing is not the same as totally not understanding its influence. Do you have to do (or even understand) all the calculus involved in figuring out the trajectory of a thrown ball in order to catch it? Not even. But you do understand that the ball is going to travel in a continuous path (an arc, actually) and not do something ridiculous like suddenly take a sharp turn.

So take a look at www.theforgottentechnology.com and see what may have been the answer to how things like Stonehenge and the pyramids are possible for people, even in small groups, with just a little understanding of the world around them.

Alaska

Why I love June in Alaska

This is why I love June in Alaska. Here’s a couple shots I just took about 30 minutes ago (about 5 minutes past midnight) and it’s not even Solstice yet!

East at Midnight West at Midnight

Apache

Useful custom 403 and 404 error pages with PHP

While this is certainly nothing new, it seems to be too often overlooked. Apache allows an ErrorDocument Directive in the configuration that will point at a custom document. Using this can have some benefits to the user and to the site administrator.

While Apache allows for error documents located at a remote URL (i.e. anything starting with http://), this causes Apache to send a redirect to the browser, even if the document resides on the same server. This is not a good idea, as the documentation points out:

This has several implications, the most important being that the client will not receive the original error status code, but instead will receive a redirect status code. This in turn can confuse web robots and other clients which try to determine if a URL is valid using the status code. In addition, if you use a remote URL in an ErrorDocument 401, the client will not know to prompt the user for a password since it will not receive the 401 status code. Therefore, if you use an ErrorDocument 401 directive then it must refer to a local document.
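One way to check a configuration for the problem the documentation describes, as an added example that is not part of the original post: this Python sketch scans Apache configuration text for ErrorDocument directives that point at a remote URL. The sample configuration and its host names are constructed; the local paths reuse the /403/403.php and /404/404.php locations the samples further down assume.

```python
import re

# Constructed sample configuration (not from the original post).
# Host names are placeholders; local paths match the samples' own locations.
SAMPLE_CONF = '''\
# error handling
ErrorDocument 403 /403/403.php
ErrorDocument 404 http://www.example.com/404/404.php
ErrorDocument 401 https://auth.example.com/login.html
ErrorDocument 500 "Sorry, see http://www.example.com/status"
ErrorDocument 410 default
'''

DIRECTIVE = re.compile(r'^\s*ErrorDocument\s+(\d{3})\s+(.+?)\s*$', re.IGNORECASE)
REMOTE = re.compile(r'^[a-z][a-z0-9+.-]*://', re.IGNORECASE)


def classify(target):
    """Return 'remote', 'local', 'default' or 'text' for an ErrorDocument target."""
    if REMOTE.match(target):
        return 'remote'      # full URL: Apache answers with a redirect
    if target.startswith('/'):
        return 'local'       # local URL-path: original status code is kept
    if target.lower() == 'default':
        return 'default'     # built-in Apache message
    return 'text'            # literal message, usually quoted


def audit(conf_text):
    """Return (line_no, status, target, severity, why) for each remote target."""
    findings = []
    for line_no, line in enumerate(conf_text.splitlines(), start=1):
        m = DIRECTIVE.match(line)
        if not m or classify(m.group(2)) != 'remote':
            continue
        status, target = int(m.group(1)), m.group(2)
        if status == 401:
            severity, why = 'error', 'client never sees the 401, so no password prompt'
        else:
            severity, why = 'warning', 'client gets a redirect instead of the error status'
        findings.append((line_no, status, target, severity, why))
    return findings


if __name__ == '__main__':
    for f in audit(SAMPLE_CONF):
        print('line %d: [%s] ErrorDocument %d %s (%s)' % (f[0], f[3], f[1], f[2], f[4]))
```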

Using a local document for handling errors, however, gives you the ability to override the default Apache messages, which are often replaced by the browser with their own, internal error messages (MSIE, I’m talking about you.) Besides giving you the ability to match the error page to your site, you can use some simple PHP to make it more informative for both the end user and the site admin. Instead of just saying “File so-and-so doesn’t exist, sorry” you can make a page that allows the user to send a message to the admin. If you wish, you can have the page automatically mail the information, although that can quickly lead to hundreds of emails as users mis-type urls, spiders follow old links, and scripts search your LAMP site for IIS vulnerabilities. Trust me on that one, it’s a bad idea that won’t outlive the weekend.

With that in mind, here are a couple of samples that you can build from.

Sample 403 error page:

<?php
print "<html>
<head>
<title>Sample 403 Error Document</title>
</head>
<body>";
$server = $_SERVER['SERVER_NAME'];
// REQUEST_URI is supplied by the client, so keep the raw value for
// comparisons and print only the HTML-escaped copy.
$raw_uri = $_SERVER['REQUEST_URI'];
$uri = htmlspecialchars($raw_uri, ENT_QUOTES);
$bad_link = $server.$raw_uri;
// Note that the referer cannot be completely trusted
// as some agents either do not set a referer or allow
// the user to modify the referer at will. It is, however,
// often useful for troubleshooting.
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : 'unknown referer';
$remote = $_SERVER['REMOTE_ADDR'];
print "<h1>403: Forbidden</h1>
<p> </p>";
if ($raw_uri == '/403/403.php') {
    print "<p>You have reached the custom 403 error page for mysite.com. Was it everything you were hoping for?</p>";
}
else if (substr($raw_uri, -1, 1) == '/') {
    // URL-encode everything placed inside the mailto: link.
    $body = rawurlencode("$bad_link from $referer");
    print "<p>Sorry, this directory cannot be browsed.</p>
    <p>If you received this message by clicking on a link on this website, please <a href=\"mailto:webmaster@mysite.com?subject=403%3A%20Bad%20Directory%20Link&amp;body=$body\">report it to the webmaster</a>.</p>";
}
else {
    $body = rawurlencode("$bad_link from $referer reached by $remote");
    print "<p>You have attempted to access a resource ($uri) for which you do not have the proper authorization or which is not available from your location.</p>
    <p>If you received this message by clicking on a link on this website, please <a href=\"mailto:webmaster@mysite.com?subject=403%20Error&amp;body=$body\">report it to the webmaster</a>.</p>";
}
print "</body>
</html>
";
?>

Sample 404 error page:

<?php
print "<html>
<head>
<title>Sample 404 Error Document</title>
</head>
<body>";
$server = $_SERVER['SERVER_NAME'];
// REQUEST_URI is supplied by the client, so keep the raw value for
// comparisons and print only the HTML-escaped copy.
$raw_uri = $_SERVER['REQUEST_URI'];
$uri = htmlspecialchars($raw_uri, ENT_QUOTES);
$bad_link = $server.$raw_uri;
// Note that the referer cannot be completely trusted
// as some agents either do not set a referer or allow
// the user to modify the referer at will. It is, however,
// often useful for troubleshooting.
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : 'unknown referer';
print "<h1>404: File Not Found</h1>
<p> </p>";
if ($raw_uri == '/404/404.php') {
    print "<p>You have reached the custom 404 error page for mysite.com. Was it everything you were hoping for?</p>";
}
else {
    // URL-encode everything placed inside the mailto: link.
    $body = rawurlencode("$bad_link from $referer");
    print "<p>Sorry, that file ($uri) does not seem to exist.</p>
    <p>If you received this message by clicking on a link on this website, please <a href=\"mailto:webmaster@mysite.com?subject=Bad%20Link&amp;body=$body\">report it to the webmaster</a>.</p>";
}
print "</body>
</html>
";
?>

Of course you would make sure the styles, links, mailtos, site name, etc. are right for your site, but this gives you an idea.
