Scott Adams created two strips that are so on point I just can’t help myself…

This should be required reading for security experts and “normies” alike…

I just finished moving the last of my content into WordPress pages. I got tired of my old theme and decided to give up on integrating WordPress into my existing site. I was spending a significant amount of time just merging in the changes from WordPress releases without clobbering all of my customizations. It had officially become a pain in my ass. School, and Projects are now available in the other Other… section at the top. I might them up to the top-level but for now they are there.
Read the complete article »

Who’s bright idea was it to have the iPhone 1.1.2 fuck with my clock? I upgraded to 1.1.2 last night, set the alarm on the iPhone, and went to bed. I wake up at 6am feeling amazing, almost like I slept 8.5 hours instead of 5.5. I take a shower and head to work. I’m about to pull into the parking lot when I notice my car’s clock says 10:30am. Hmm… I don’t remember changing the clock in my car. Sure enough the iPhone’s clock had reverted to Las Vegas time which I had visited a month ago. WTF?!?! This wasn’t even setup as my time zone before the update. I have no clue what happened but I’m fucking pissed. All their commercials show the phones being used to condense 10 devices into one. Great, the one device I really wanted aside from phone and email fucked me, and it didn’t wear lube.

So after a brief conversation with DAC [1] today I formed a thought. Those of you that know me know that forming a thought is not only an arduous but more often than not a complete failure. As a result I accept no blame - DAC is solely responsible for this opinion:

Why doesn’t the non-English speaking world start speaking better English? I went out of my way to learn Spanglish, and I continue to learn but figuring out how to add the simple “oh” (long O) sound to the end of words. Yes it is as hard as it sounds. For example, bright urple just doesn’t lend itself to an “O” at the end; however if you drop the “le” and add then add the “oh” you’re in business. Brighto Purpo. Another good example, lets see how many non-English speakers can define Hippopotomonstrosesquippedaliophobia [2]. Since their native language is not English they will not know the definition. Now ask me for the definition of the Spanglish version, Hippopotomonstrosesquippedaliophobiao [3]. Spanglish, being a good language, means that the words that now end in “oh” have the exact same defintion as they do in native English.

I’ve been thinking of researching the PS3 hypervisor. Mainly from a security perspective but this led me to thinking. You know what would be cool? Micro-partioning a PS3. Obviously IBM has experience with micro-partitioning on the PPC and the Linux distros are already tried and tested in these exact environments. You could use the system as a Linux server for your house (SMB, mail, et al), play games/fold proteins at the same time, and even run multiple guests if you desire.

The PS3 already has a hypervisor that allocates a subset of system resources to the “otheros” kernel. One example, the hypervisor only exposes either a 10G or a 50G virtual disk (/dev/sda) instead of the 50/10 split physical disk that actually exists (/dev/sda1, /dev/sda2). I can only assume that this is to protect proprietary/otherwise protected information on the game OS partition. A second example of the hypervisor partitioning resources: the guest OS can only access a subset of the total cell processor cores available. Another measure in controlling access to proprietary information?

Granted this hypervisor is not nearly as advanced as those found in other IBM PPC platforms. Still, I might have found a use for virtualization in my home - running games and running services at the same time. Yippee? A second use, the real dork in me wants to run other Linux OSs at the same time as a Fedora OS. Mainly because I want to experiment on other Linux distros but run Fedora to aid in my research mentioned above.

Went to burn the new Fedora 8 DVD ISO to a disc today. Opened up Toast, selected the image file, and clicked record. Got a simple “No recorder found” error. Couldn’t figure out what it was.

My first thought, one of those SoBs at work wanted to put one in their Dell. Perhaps Josh or Chris P [1]. Opened up System Profiler just to confirm - yup my Macbook Pro still has the superdrive locked safely inside. It was just a little paranoia. Following the same logic I pretty much eliminated Garden Gnomes [?] [?!] from Harry Potter as the source of the malfunction. Only one option remained; I had to look at the other running programs down in my dock.

As lunatic as the idea sounded it actually revealed the culprit. A leftover RHEL 4 VM running in Fusion. Flipping to the window quickly confirmed my beliefs. Fusion had taken control and RHEL had opened what I now consider to be the worst interface for DVD burning I have ever seen. And I’m taking into account command line apps like mkisofs and cdrecord under consideration here too. Anyways, Fusion had passed control of the device directly to the guest and the host could no longer access it, a perfectly valid requirement. I simply laughed at my stupidity - I should never have been running RHEL 4 in the first place [4].

Just thought I would share.

You know what we be cool for Leopard developers and perhaps others? If Time Machine could start to handle backup snapshot trees. You know - like VMWare Workstation for Windows/Linux’s snapshot manager that supports branching. VMWare even supports the deletion of images in the middle to save space and perhaps enhance performance. It merges disks together when necessary.

Developers could create a branch before installing a particular software component or library and I think kernel (extension)? developers would find this invaluable. You could also think of it as an RCS for filesystems. Perhaps administrators would find it useful in their testing labs as they prepare for deployment of a new server or system. Yes I know these versioning versioning file systems already exist and one even appeared in Plan 9 back in 2002, but I just thought Time Machine could be used as a nice as a starting point for an alternative.

Read the complete article »

I’ve been having tons of wireless network issues lately. At work, which is not surprising being I work at tech company - only God knows who is running what service on their laptop or who is running the microwave in the kitchen across the hall. More worrisome, I’ve been having issues at home too.

So I get home last night and settle down write some documentation in DocBook format. I’ve been writing a custom XSLT in a valiant attempt to unify the documentation process at work. xsltproc is called to perform the transformation on the XML data and create HTML and PDFs as output. Fairly straight forward, right?

Wrong…

I start streaming from iTunes to my Airport Express. Currently, I’m using an Airport Extreme running 802.11N at 5GHz only and an Airport Express running 802.11G for my iPhone and visitors without 802.11N compatible laptops. The Express is wired to a LAN port on the Extreme and is connected via a TIP fiber cable to my stereo.

All of the sudden VPN and VNC sessions start dropping like hell. wtf mate? Long story short my xsltproc process went from 30 seconds to 5 minutes because of remote URLs being referenced as DTDs. I know, I know. My night was pretty damn exciting.

Of course I jump to conclusions and start blaming Leopard. Well after punching the wall a few times I sat down. It turns out it only happens when I have my Airport Extreme in 802.11n 5GHz mode. As a rudimentary example, my download speeds form kernel.org went from 30KB to about 700 KB when I went to 802.11n 2.4GHz only. Not sure what is wrong but I blame Apple Just kidding. If you look at this image you will see a dip in the graph in the center when the Extreme reboots to go from 2.4 GHz to 5 GHz. When it comes back online notice the distinct dip that is in the signal, communication quality, and signal to noise ratio. Not sure if the issue is hardware or interference related but given a similar amount of noise is seen at 2.4 GHz I’m guessing it is hardware related.

Well like any good end-user I immediately installed the latest version of OS X without looking for problems others were having. Well my friend at work, Chris Ashworth, pointed out that my install didn’t list Windows shares in the Finder window under “Shares”. I was only seeing Bonjour systems and didn’t have the “All…” item like he had. Being a computer guy I was obligated to waste entirely to much time figuring out such a small problem. I tried all sorts of things like enabling file sharing (which should have zero impact), entering the SMB system through finder using command+k, and staring at the wall for 45 minutes. None of this helped.

Finally today I re-visited my firewall settings in the security preference pane. I, once again like any good user, had immediately turned on the second option blocking all ports except SSH which I had enabled in the sharing preference pane. I tried the first option, allow all traffic, and low and behold a few seconds later the “All…” item had appeared in Finder and clicking it revealed numerous Windows shares. File selection windows also provided access to the Windows shares. Strange right?

Now I’m no security expert, but having to turn off the firewall to browse for Windows shares seems sub-optimal. Of course given the tiff exploit I just posted about here, I’m beginning to wonder if Apple needs to shift their focus back to security a bit. I’m sure someone at Apple knows something about security and testing. Or did Apple spend the security budget on the 200+ patents in the iPhone?

On a side note, I have forgotten how much fun troll baiting (no jokes - too easy) actually is.

Update: Sometimes being sooooo right is a bad thing

We in the security community have been trying to explain the benefit of MAC to developers in the embedded device arena for awhile now. Maybe if people keep threatening devices with radio chips and tons of proprietary crap the embedded developers will jump onboard. Motorola has been using SELinux/SEBSD on the A1200 and other devices for awhile now. Given the high-level view of the policy and lack of knowledge about the proprietary software and architecture driving the device I can’t really jump to any conclusions about the completeness of their policy but they are at least trying.
Read the complete article »