Author: sjan

Linux

Cure for the External Drive Blues

I have been looking all over for a way to format an external drive so that I can use it under Linux, Windows and OS X. The reason for this is simple, I currently use Windows and Linux all the time, and I am planning on upgrading my rig to a MacBook Pro just as soon as I can. Since I expect to be running OS X, Windows and Linux I needed to find a format for my 300GB external drive that would work with all of them.

While FAT32 is an option, it has some serious limitations. Like a maximum file size of 1 byte less than 4 GB. That and the way that FAT32 partitions over 32 GB (while supported under Windows) tend to get a little, shall we say, flaky.

Before today what I had found was as follows:

OS File System Read Write
Windows XP Ext2 / Ext3 application no
HFS+ application no
NTFS native native
Linux Ext2 / Ext3 native native
HFS+ in kernel in kernel
NTFS in kernel no
OS X Ext2 / Ext3 no no
HFS+ native native
NTFS in kernel no

Note: native = default or standard in a “vanilla” install | in kernel = modules available for kernel insertion, although not default.

Well, that was before I found these today: kernel modules for both OS X and Windows for full read and write support of Ext2 / Ext3 file systems. I have installed Ext2 IFS for Windows and pounded on it already. It works (so far) like a charm. I don’t yet have a Mac to test the Mac OS X Ext2 Filesystem but I will do so as soon as I can. Assuming they are building this as a loadable module for the Darwin kernel (does the OS X Darwin kernel allow insmodding?) then it should be a snap. What surprised me is that the Ext2 IFS for Windows is an actual NT Kernel module, not an app or service. It’s actually kind of cool to see my Linux partitions show up under XP as lettered drives!

Internet

Why the Change

While it may seem abrupt, the switch to WordPress was by no means a quick and easy decision. Here’s a little background.

Here’s a little history:

  • I originally started on MoveableType, but couldn’t get it to run reliably in my test environment. So I figured I would go to a flat-file system.
  • Enter Blosxom: it ran very well in both my test and live environments, but I was left with a bit of a problem. I wanted to extend Blosxom and add functionality but am not well-versed enough in Perl to wrap my head around many of the available plugins. My biggest headache: getting trackback/writeback and RSS to work.
  • So I switched to PyBlosxom. Also flat-file, and very easy to move my old content from Blosxom, and with an immensely more understandable API.
  • After running PyBlosxom for a year I was still having problems with XML-RPC – I wanted to switch from my clunky PHP/TinyMCE editor for posting to using something like Performancing for Firefox (which I am using now) or Ecto. No luck. The response on the developers list was, well, listless at best.
  • When I finally got fed up with trying to make things work, and the (seeming) lack of active development, I realized that a blog that is (ostensibly) about “stuff that w0rks” should be running on “stuff that w0rks.”
  • I tried MoveableType again – still don’t like it, tried Serendipity, it didn’t feel right, and then finally broke down and tried WordPress. While the first couple days were no better than the first days on the others, it soon started to fall into place.
  • And that brings us here.

powered by performancing firefox

Read More

  • January 23, 2007
  • January 25, 2007
  • sjan
Best Practices

Disclosure of Website Vulnerabilities Illegal?

A discussion on earlier today brought up the question. It seems that Eric McCarty, a student at Purdue University in Dr. Pascal Meunier’s CS390 – Secure Computing, discovered, and reported, a flaw he found on the Physics department website. When that site was hacked two months later (most likely through a different flaw, since the one reported by McCarty was patched) law enforcement came looking for Mr. McCarty. In this particular case McCarty came forward, and was eventually cleared. However, it did change how Dr. Meunier teaches his class. He no longer recommends disclosure, but recommends that one eliminates all evidence of the discovery from their computer and say nothing.

I see this as a particularly disturbing direction in which to move.

Read More

  • January 16, 2007
  • January 25, 2007
  • sjan
Writings

Happy New Year

It is now 2007, soon to be the year of the pig (Feb 18), 1428 (as of Jan 19) in the Islamic calendar, 5768 (Apr 6) of the Hebrew calendar, and 1414 of the Hindu calendar (Apr 8 ).

Ok, so it’s really all just a bunch of arbitrarily assigned numbers used for keeping track of what day it is, how old we are, and when it is time to pay our water bill or taxes. Really, with the increase in international trade and the spread of the idea of a truly global economy, it seems to me that we should adopt a new calendar for official functions while leaving the old calendars alone for marking festivals and such.

My lowly proposal: a calendar based solely on a solar year of 365.2425 days, beginning at the start of the Unix “epoch” (1/1/1970) and continuing as follows:

A 7-day week seen as starting on Monday and ending on Sunday (c’mon – that’s how we do business, right?)

13 months of 28 days (4 weeks) – yes I know that’s only 364 days – keep reading:

A hollow-day (yes, as in empty) which falls between the end of one year and the start of the next – no need to make it a national holiday – since it is kind of a non-day and would not even fall within a normal week – just call it Hollowday.

A leap-day calculated as per the Gregorian – as an extra Hollowday.

Since this calendar does not take into consideration the moon phases and run the alternating 29-30 day cycle for months with all the contortionistic math required to make it work, this is not a lunisolar calendar, but is solar in the sense that the seasonal changes will always fall very close to the same day (no “seasonal creep”).

As far as naming the months go I leave that as an excercise for someone else, I am satisfied to simply refer to them as roman numerals. It would also mean you could write a date as Month-Week-Day like VIII-2-3 and know that it is referring to the second Wednesday in the eighth month. The long decimal form, of course, would be YYYY-MM-DD HH:mm:ss.ms.

I will name name the calendar though, and I think it should be a simple name – and keeping with the UTC model of time zones (where GMT = Z) I will call it the Z calendar.

Edit: I just realized – if we adopt this calendar right now we’ll be right on track – since the 2nd day of any month in the Z Calendar is a Tuesday!

Browsers

Bookmarklet and Google Gadget for etymonline.com

I ran across the Online Etymology Dictionary the other day and was blown away by the well-designed and incredibly useful service they offer. Of course, it’s much nicer to have access to that functionality at a click, so of course I created a Firefox/Mozilla bookmarklet. But I wanted to have the same thing available on my Google homepage, right next to the Dictionary search box and the Wikipedia search box, so I created a “Google Gadget” for it as well.

To use the bookmarklet, drag the link below into your Firefox/Mozilla bookmarks bar.

Find Etymology

To use the “Google Gadget” go to your Google homepage, click on the “Add Stuff” link, click on “Add by URL” and enter http://www.evardsson.com/files/gg_etymonline.xml

Enjoy!

Read More

  • December 19, 2006
  • January 23, 2007
  • sjan
Security

MS Word 0-day: Round 3

Yesterday eWeek reported another 0-day exploit for Microsoft Word. While Microsoft has not publicly acknowledged the threat, has issued a bulletin warning of it and a has been released publicly.

From the CERT bulletin:

Data used by Microsoft Word to construct a destination address for a memory copy routine is embedded within a Word document itself. If an attacker constructs a Word document with a specially crafted value used to build this destination address, then that attacker may be able to overwrite arbitrary memory.

According to the eWeek article, currently only BitDefender recognizes the threat. Testing on a fully patched and up-to-date WinXP SP2 I can at least vouch that AVG doesn’t recognize it as a threat yet. Opening the POC in Microsoft Word results in successful execution of the exploit (which in the POC merely crashes Word.) Attempting to open the POC in OpenOffice results in OO reporting an error.

My recommendation: use .

Read More

  • December 15, 2006
  • January 23, 2007
  • sjan
Alaska

Ken Starr to fight Free Speech in AK

Rather than try to explain the entire case, which the article at CNN does so well already, I’ll summarize:

In 2002, Joseph Frederick, a Juneau, AK senior was suspended for displaying a banner reading “Bong Hits 4 Jesus” on a public sidewalk outside the school. School officials suspended him because, in their argument, it was a school function, since the students had been let out of class to watch the Olympic torch go by, and were accompanied by teachers.

Frederick’s family brought a suit against the school board for violation of his First Amendment rights and the 9th US Circuit Court agreed.

Now the school board, represented (pro bono) by Ken Starr is preparing to appeal.

My take on it is this: the school does not have the right to impinge on the free speech of students when they are off-campus, not in class, and it does not have an effect on the educational mission of the school. Even when that speech is offensive, counter to the school’s standards, or as in this case, lacking any reasonable common sense.

OS X

Apple releases patch for some, not all flaws

On Tuesday Apple released Security Update 2006-007 for OS X which addresses some 31 flaws, including the well-known AirPort issue. The fixes cover both Mac specific and third-party components, including Perl, PHP and OpenSSL among others.

However, ZDNet UK reports that the patches fix none of the vulnerabilities found in the “Month of Kernel Bugs .” (The AirPort vulnerability was actually part of the MoKB, so it would be correct to say that at least one of them were covered by this patch.)

Read More

  • November 30, 2006
  • January 23, 2007
  • sjan