Security Hacking for kids
From Five hacks you can explore with your kids (Wired)
The thrill of getting a root shell using a well crafted buffer overflow is a joy few non-geeks will ever know. Security cracking is skill that requires an in depth knowledge of networking, operating systems and programming. Helping your kids build these important skills without turning into web site trashing script kiddies is every good parent’s job.
Well quite.
Popularity: 6% [?]
Updates
I'd forgotten what a time consuming, involving and generally ill thought through process updating a copy of Windows is. On the Mac you use a desktop application, on Windows a flaky looking web app. On the Mac you select things like "QuickTime Update 7.6.2" which kind of makes sense, on Windows you select "Critical Update for Windows XP (KB9832082)" which might as well be in Esperanto.
Operating system updates on the Mac are all rolled together, so if you are on 10.5.3, updating to 10.5.7 is one step (and a big download). On Windows you need to repeatedly visit Windows Update to ensure that no new updates have been unlocked by installing the last set.
After selecting your desired updates, on the Mac any further interaction is done right at the start of the process - EULA clicking, etc. On Windows the process is constantly interrupted with wizard after wizard after wizard, meaning that you can't just click "go", put the kettle on and come back half an hour later. No, you have to constantly hand hold the process like some it's some sort of attention seeking toddler.
It also offered me the option of installing something called Microsoft Genuine Windows Notifications which promised, if my copy of windows was not "Genuine", to constantly bombard me with nagging reminders to "solve" this problem.
Who in their right mind would actually choose to install such a piece of software? If your copy is legit you don't need it and if it's not, you don't want it.
It then prompted me to follow a link to a list of benefits of using "Genuine" Windows software. I didn't follow the link, but presumably it's just a picture of Steve Balmer in a bath of money.
Sorry that this post is so unashamedly pro Mac. I'd have mentioned the Linux update process as these days it's pretty painless. The update process itself is painless, I mean. The pain comes after the update when you find that half of your shit doesn't work any more.
Popularity: 9% [?]
The march of progress
Today I received my lovely new Sony Ericsson C902 couriered straight to my desk. It was very painless: Orange rang, I'm a valued customer, they offer me a new piece of kit and a sexier calling package for less money. I wasn't expecting much, just a new, smaller, shinier phone and it is just that. However, it has one thing that most phones don't and that is a mini-jack connector for the headphones. No need to use the rubbish headphones that come with the phone, I can plug whatever I want into it. Now that is what I call progress...
Popularity: 59% [?]
Flashpaper
Adobe have despatched Flashpaper to the same grave of irrelevant products as FreeHand and ImageReady. Considering Flashpaper was made by Macromedia before their assimilation, it was kind of on the cards due to it's competition with PDF.
From the article the CEO a doomed startup whines:
What about all the websites that have been storing all their documents with Flashpaper? It will be a major job having to transfer all those documents to a new solution
Perhaps if instead of willingly submitting to vendor lock in they stored their documents in a recognised, open standard that's widely implemented by multiple vendors they would not have this problem.
Popularity: 69% [?]
FlashCommand
I found this excellent command line tool to compile Flash movies the other day.
It works like this:
-
flashcommand -p -s /path/to/fla
The -p switch means 'publish' and '-s' specifies the path to the source .fla file. It works by opening Flash CS3 in the background and instructing it to compile the movie, consequently it will respect the publish settings you've defined in the .fla so the generated .swf file will end up in the right directory.
Combining this with Flash CS3's ability to import an external AS3 file to use with each movie means bar the initial .fla file creation you'll never have to use Adobe's painfully bad authoring environment ever again.
Popularity: 66% [?]
UK communications database
The latest krazee plan from the Home Office's policy department seems to be a massive database containing the details of every phone conversation and email sent in the UK.
Assuming it works (it won't) then at least they'll realise just how bad the spam situation is.
Popularity: 83% [?]
Running FMS 3 on Gentoo Linux
I've been trying to install Macromedia Adobe Flash Media Server 3 on my local development box and have run into some problems.
To help out anyone else trying to do the same thing, here's how I did it.
First you need to install nspr
-
emerge -uDv dev-libs/nspr
Add a user/group for it to run under:
-
groupadd fms
-
useradd -g fms -d /dev/null -s /bin/bash fms
Then download and extract the media server as per usual. Before installing it, you need to fiddle the install script so that it will install on your "unsupported" platform. Open installFMS in your favourite text editor and find the line that reads
-
DISTRO=`check_distro`
Change it to something appropriate like
-
DISTRO=redhat-RHEL4-i686
Then start the installation script as normal. Tell it that you don't want it to run as a daemon (as it requires the Red Hat only chkconfig command) and that you don't want it to start the server when done.
After you've installed the server, you'll need to make the bundled libasneu.so.1 library available for use:
-
ln -s /opt/fms/libasneu.so.1 /lib/libasneu.so.1
For some reason the install messed up the configuration files, adding things like the administrative user name twice. Check conf/fms.ini to make sure this hasn't happened to you.
The installer creates init scripts at /etc/init.d but in order to use them you first need to create a file called .autostart in the installation directory:
-
touch .autostart
You should then be able to start and stop the server normally:
-
/etc/init.d/fms start
-
/etc/init.d/fms stop
And use rc-update to have the server start on boot:
-
rc-update add fms default
Good luck.
Popularity: 97% [?]
Vista SP1 sales video
I really hope this is a spoof as it makes me want to stab myself in the eye with a fork.
Popularity: 92% [?]
Prototype String.toQueryParams() weirdness
I just came across this while using Prototype:
-
"section=blo%g&id=45".toQueryParams();
To save you the trouble of running it yourself, I'll tell you what happens - the unescaped percent symbol causes a URI malformed error to be thrown.
Very odd. The Prototype documentation for toQueryParams says:
Parses a URI-like query string and returns an object composed of parameter/value pairs.
Since it's a URI-like query string and not an actual query string (by which I mean one that's been through the browser address bar and as such subject to whatever text munging the browser does), my example above should be a legal use case.
After a little digging around in prototype.js, it seems that the problem is caused by the JavaScript function decodeURIComponent() not enjoying being given a string that contains an unescaped percent symbol. Usually percent symbols are used in conjunction with a number to represent a non-alphanumeric character in a URL - %20 for space, etc, but in the above it's a literal percent symbol.
My first attempt to fix it changed lines 98 and 100 of string.js in the Prototype source to use the built in escape function:
-
var key = decodeURIComponent(pair.shift());
-
...
-
if (value != undefined) value = decodeURIComponent(value);
-
-
to
-
-
var key = decodeURIComponent(escape(pair.shift()));
-
...
-
if (value != undefined) value = decodeURIComponent(escape(value));
This worked for my use case but caused Prototype to fail a different unit test. Changing them to the following worked out okay:
-
var key = unescape(decodeURIComponent(escape(pair.shift())));
-
...
-
if (value != undefined) value = unescape(decodeURIComponent(escape(value)));
Granted the unescape(...(escape(...)) is a little clumsy, but it seems to get the job done.
Adding the following unit test to string.html allows to test for the above:
-
this.assertHashEqual({'key1': 'va%lue1'}, 'key1=va%lue1'.toQueryParams(), 'rogue percent symbol test');
I've created some test pages which demonstrate the problem.
There is also a patch file available. Apply it to /src/string.js in your Prototype source tree.
Update
I've also filed a bug.
Popularity: 99% [?]
Code
I haven't posted here for a while, mainly due to the time sink that is Facebook, but I have been writing code in my spare time, honest. I thought I'd have a little skim through what's on my machine and share a few choice nuggets.
Recently I've been trying to get into programming applications for Mac OS X - I use it on a day to day basis so thought it would be best to get involved. I've put some new things on the Stuff page for your perusal. They are:
Backgrounderer
A little app to download desktop wallpapers from veer.com. If you wish to build from source, you'll need to install RegexKit first.
Mail RSS Exporter
An application that exports your RSS feeds from Apple Mail and stores them in either OPML format or Safari Bookmarks.
TouchMe
A program to run AppleScripts on a computer on your local network from your iPhone or iPod Touch - I use this to control a Mac mini attached to a projector. The projector is not always switched on so Front Row was insufficient. It also allows you to force quit applications that have hung.
SimpleHTTPd
A Cocoa native web server packaged as a framework so you can use it in your own projects. Based on Jurgen Schwiezer's SimpleHTTPServer.
All of the above require OS X 10.5 Leopard as coming from a Java/PHP background I have a strange fetish for garbage collectors and consequently find manual memory management tedious.
They are all BSD licensed and source is included with each program so go crazy.
I'll get round to posting about each one in more depth in the near future.
Popularity: 92% [?]
Button, button, who’s got the button?
From an article on the Wall Street Journal about Steve Job's button phobia.
When the company introduced the iPod in late 2001, the most common calls to Apple's technical support lines for a time were about how to turn the device, which lacked a clearly defined power button, off and on, says a former Apple executive.
Wow, I'd forgotten all about that. Years ago Will left his iPod at our house for a week or two and I had such trouble trying to figure out how to turn the damn thing on.
Popularity: 93% [?]
Apache2 and OS X
This is more a note to myself than anyone else, but to compile Apache2 on OS X, use the following configure:
-
./configure --with-included-apr --enable-so --enable-mods-shared=most
When Apache starts whinging about "dlname not found, assuming libtool archive" and shit, and refuses to produce .so modules instead kicking out a bunch of .a and .la files in their place, it means you've fucked up somewhere along the line, probably because this isn't the first time you've tried to run the configure script.
Delete the entire Apache source directory and start again. If you are lucky you'll even get a nice copy of libexpat.0.dylib at the end of it all.
Popularity: 93% [?]
Orwellian
The BBC ... has always taken a platform agnostic approach to its internet services.
And then a little later:
It is not possible to put an exact timeframe on when BBC iPlayer will be available for Mac users.
--bad, indeed.
The corporation's governing body asked the BBC to ensure that the iPlayer could run on different systems - such as Apple Macs - within "a reasonable time frame", initially twenty-four months.
Twenty four months for porting to Mac OS X is reasonable?! I dread to think about the poor old Linux users out there.
The BBC has previously said it cannot commit to a two-year time frame as many decisions would have to be made by third parties.
i.e. Either Microsoft decide to port their DRM software or someone else will have to decide to write some.
A statement from the BBC read: "Our ability to deliver this open approach will be influenced by the availability of alternative DRM systems on the market.
i.e. Microsoft have no plans to port their DRM software to any other operating system so the BBC will have to find some other system to use and so far haven't so we'll just have to wait.
What a load of rubbish. I've always been a strong supporter of the BBC but this is utterly unacceptable.
http://news.bbc.co.uk/1/hi/technology/6236612.stm
Popularity: 91% [?]
Shouty Shouty
Adverts that shout work. I like them. "Bang and the dirt is gone." They weren't lying and if I hadn't been so entertained by the shouty antics of Barry Scott I wouldn't have bought what can only be described as the most potent chemical concoction available to buy (legally) in a supermarket.
My latest favourite is Tyrannosaurus Alan. I don't know why I am so enamoured by a fuzzy felt dinosaur and shouty volcano. I once had a conversation with a marketing type who had to find out why Volvic was continuously outperformed by Evian sales-wise. I didn't know the answer then, but told him that it was because Volvic sounded like part of the female anatomy and everyone knows that Vittel is better than both of them. I think however he must have found the solution; everyone loves the wacky dinosaur and his volcanic buddy. Today's Metro even featured a three (half-)page long advert featuring the aforementioned characters in cartoon strip style (and revealed Mr Volcano's first name – George!), I just can't wait to find out what happens next.
Does it really work though? As much as I am entertained by Mr (George) Volcano's peculiar pronunciation of water I won't start buying Volvic until they decide to do a 'free' (£2.99 for P&P of course) Tyrannosaurus Alan toy. Now, there's a thought!
Popularity: 88% [?]
Warranty
From the little booklet in the box:
Off road riding extracts a severe toll on footwear. On and off the pedals thousands of times, lots of walking, days of 150 degree heat rotting the shoes in your trunk all means these shoes will eventually wear out. When the rubber is worn smooth off the bottoms and your riding buddies locate you by following the flapping noise of your torn uppers, BUY NEW SHOES. Don't return them to your dealer with your altar boy face on and mmble, "Uh, I only used them once and look what happened. Gimme new for nuthin." (sic)
Of course, if we screwed up and forgot to send you (sic) your particular pair through our patented top secret bulletproofing process and they come apart for no good reason, give us a call at the number listed below and we will see what we can do to remedy the problem or come up with another bit of creative customer relations to keep you happy. Just give us a call.
I appear to have just bought a pair of shoes from a company that not only regards its customers as a bunch of scroungers but also feels the need to press this point home in a rather patronising manner.
It's a shame - they are rather nice shoes.
Popularity: 89% [?]
Glastonbury tickets
Alex is currently wondering if the Glastonbury ticket website is run off of a beige box in the corner of someone's flat with a cat chewing on the network cable.
Honestly, what with all the pre-registering bollocks it's not like they were unaware of the demand. Why can't they design a server infrastructure that can handle enough requests?
Popularity: 93% [?]
Whither Wii?
It's hard to believe just how difficult a Nintendo Wii is to acquire. I made a vague stab on release day, trawling the electronics drags on Tottenham Court Road and Oxford Street. Everywhere I was greeted with smirks, and laughter accompanied by pointing and other gesticulation. The guy I spoke to in Virgin Megastore looked like he was going to hit me.
So I thought I'd leave it for a bit until the demand died down. It's just a new games console whose sales are feeding of the intense hype surrounding it. It will sort itself out after a month or so.
On Saturday while ktm was queueing in Argos for a replacement bathroom light (it's a rented property - what, you want us to go to Habitat?), I nipped out to see if, on the off chance, there was any Wii in Woolworths.
No
I was told, but I could order one. How long?
3-5 days, if they are in stock
said the pimply faced youth. Wicked, I think. So I queued to be greeted by the very same PFY at the counter.
Ah, you want a Wii. I'll just pull it up on the computer. Oh, they are out of stock. My gosh! You can't even order them!.
My gosh indeed.
So to WHSmiths. Nope. To Dixons. Nope. Return to Argos. Nope. Having picked up the better half, we headed back to Dixons in search of a FM radio aerial and I took the opportunity to quiz a member of staff on their availability. Nope. I thought I might as well go for it and ask if I could order or join some sort of waiting list. She laughed.
We got a couple in last week, but we are still filling our pre-orders.
!
From November
!!
There are Wii available, however. Game's online store occasionally has stock. However they are opportunist bastards and only sell the console in a bundle with four non-discounted games. Then again I did really want one and the games it comes with are rather good. I took one for the team.
Having come into possession of possibly the most elusive bit of gaming kit currently on the market (save a copy of Duke Nukem Forever) I thought it would be an easy ride from here on in.
The thing is, I haven't told ktm that there's a Wii arriving at some point in the near future*. Consequently, I need to be able to placate her when it arrives. This may be possible via a game or two of Wii tennis. For this, as any 12 year old will be able to tell you, I need two controllers, or Wiimotes to use the approved lingo, and the console only comes with one. I stepped out of my Wii owning friend's trendy Farringdon design studio at lunch time to attempt to locate a second of these fabled devices.
Dixons. Nope. WHSmiths. Nope. Hmm, not so good. Having exhausted the local possibilities, I resolved to head to Oxford Street after work. Virgin Megastore. Nope. Dixons. Nope. Game. Nope. HMV. Nope.
Against my better judgement, I tried some of the little nameless electronics stores at the bottom of Tottenham Court Road who take no greater pleasure than in ripping off gadget crazed geeks with their inter-shop price fixing database. No Wiimotes there either.
?!?@?!?!?@?!
Urgh, this was becoming a little silly.
Since every major store and most minor ones have come up empty, I was forced to try the black market. Computer Exchange.
Yes, we have one Wiimote in stock, but it's £35
the little goth pixie behind the counter tells me.
??!?!?!??!!@@@@?!?@1/
I looked at her incredulously, trying to come with some counter argument about how dare they have the nerve to sell me a second hand controller at above RRP. She stared blankly back at me. I opened my mouth. She put her hand on her hip and tilted her head slightly, as if she was about to begin lecturing me on market forces dictating the price of goods in a free market. ktm's disapproving look as I open the box from Parcel Farce loomed out of my imagination. All right, I'll have it, I grumble. When I protest sarcastically at the lack of box, the happy capitalist goth chirpily informs me that there's a one year guarantee. Hooray. I grab the bag and walk out.
I can't help but feel ever so slightly taken advantage of.
* = It's just possible that I may have blown my cover
Popularity: 90% [?]
Busker rage
Why oh why. Busker, every morning, in his licensed Carling sponsored busker spot, 8.55am, like clockwork, Wish you were here by Pink Floyd. Not only has he got a luminous cardboard sign telling people to smile, or cheer up, or something along those lines, but he's ever so slightly flat in his delivery and never bothers to sing the first ten or so lines of the song. Just every day starts at How I wish, how I wish you were here, etc and repeats this segment over and over and over.
Hardly smile inducing.
Popularity: 88% [?]
svn:externals and different usernames
How to use a different username with svn:externals.
Genius. Well, almost. Close enough.
Popularity: 93% [?]