Tuesday, January 29, 2008

I should probably rethink this...

I tell people that the fastest way to get a hold of me is either email/IRC/Jabber. I realised today, I doubt that is possible because most people I know aren't on their computers 24/7 like I am. I keep my cell turned off because I hate it when people call me. It disrupts what I am doing and is a general PITA. I keep my laptop sitting next to my bed at night which enables me to do whatever I need to do at short notice. A lot of really good ideas come to me when I sleep, be it code or project, so I just pop open my lid, open up gedit and type in the idea. Email/IRC/Jabber makes a noise that would wake me up if it played, so no matter when you message me, I will probably respond in a timely manner.

I realise I am probably the only person in the world that does this, but it is better than a cell phone.

Monday, January 28, 2008

What to do...

My birthday is on Thursday, but I don't know what I will be doing. 19 isn't exactly the coolest year ever. If you have any ideas or suggestions, I would be happy to hear some. Otherwise, I will probably do something else, like write a puzzle for gbrainy or something.


EDIT: Party. Friday. My apartment. Invite is on facebook.

Saturday, January 26, 2008

Wootcakes

I decided to go ahead and get http://www.volatileminds.net back up where it needed to be. Whilst doing so, I thought it might be better to start separating my blogposts mainly because most of the people who read my blog are on Facebook and don't care about the technical posts. That being said, if you enjoy reading any technical blogposts I write, I will start writing them on http://blog.volatileminds.net/. Also, check out my new layout for Volatile Minds and tell me what you think.

Wednesday, January 23, 2008

I think I am going vegetarian

Well, only part-time. I enjoy meat, but I much prefer eating vegetables and such. No tofu, tofu is horrible. I stopped drinking milk a long time ago (like two years), but not because I think it is wrong to drink milk. I like milk, but the stuff you buy at the store has so much other crap in it that I really don't trust it much (that, and the organic milk is gross and too expensive). I will treat myself to a glass of chocolate milk every once in a while, but I get sick when I do.

Anyway, I am not making any commitments since I really won't be changing my eating habits, but I thought I would state it officially that I am now a part-time vegetarian.

I am currently working on a presentation for an assisted-living complex. Our company is doing a presentation on the basics of computer and internet use there and I have the astute pleasure of writing the presentation. I will probably upload it and let others use it if they want. Depends on what my boss wants to do.

Tuesday, January 22, 2008

So interesting

As I have mentioned before, I have been hanging in #clamav on freenode for the past month or so as well as the clamav-users mailing list and I must tell you, I am more and more interested in all things viruses every day. I was checking out the source to MyDoom.A today just to see how it ticks (I had run across it today at work, as well as a very interesting one that I will talk about in a minute). It uses the ROT13 "encryption" within the source code so that the files it infects aren't in plain sight within a hex editor or otherwise. ROT13 means "rotate 13" (n = a, o = b, etc...). Not very secure, but for all intents and purposes, it has the obfuscation down pretty well. It is amazing how simple you can make these things and trick the antivirus programs out there.
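Because ROT13 is its own inverse, a scanner can undo it as cheaply as the author applied it. The following is an added example (not code from MyDoom or ClamAV): it pulls printable strings out of a buffer, ROT13-decodes each one, and reports the strings that only match a keyword after decoding. The keyword list and the sample buffer are constructed for illustration.

```python
import codecs
import re

# Runs of 5 or more printable ASCII bytes, the same idea as strings(1).
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{5,}")

# Hypothetical keywords an analyst might search for; not taken from any real sample.
KEYWORDS = ("software\\", ".exe", "http://", "currentversion")


def rot13(text: str) -> str:
    """Rotate letters by 13 places; applying it twice returns the input."""
    return codecs.encode(text, "rot_13")


def find_rot13_strings(data: bytes, keywords=KEYWORDS):
    """Return (offset, raw, decoded) for strings that match a keyword only after ROT13."""
    hits = []
    for match in PRINTABLE_RUN.finditer(data):
        raw = match.group().decode("ascii")
        decoded = rot13(raw)
        raw_l, dec_l = raw.lower(), decoded.lower()
        hidden = any(k in dec_l for k in keywords)
        already_plain = any(k in raw_l for k in keywords)
        if hidden and not already_plain:
            hits.append((match.start(), raw, decoded))
    return hits


# Constructed sample buffer: binary padding, one plain string, two ROT13-encoded strings.
SAMPLE = (
    b"\x00\x01MZ\x90\x00"
    + b"This program cannot be run in DOS mode\x00"
    + rot13("Software\\Example\\CurrentVersion\\Run").encode("ascii") + b"\x00\xff\xfe"
    + rot13("update_helper.exe").encode("ascii") + b"\x00"
)

if __name__ == "__main__":
    for offset, raw, decoded in find_rot13_strings(SAMPLE):
        print(f"0x{offset:04x}  {raw!r} -> {decoded!r}")
```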

Anyway, on the same hard drive (the computer is a Sony Vaio), ClamAV detected some trojans within one of the programs that Sony installs by default. When I noticed this, I tried to find a description of it online, but no dice. Trojan.Jesta was what it had found. I have emailed the mailing list for a short description of the trojan to see if it is a false positive. Luckily, I run into a lot of things that help the ClamAV maintainers, such as virus samples, false positives, etc...

Sunday, January 20, 2008

100th post, will it be good?

That depends on whether you like technical stuff or not :-P. We have been having a discussion on the clamav-users mailing list about the .exe format and how it pertains to Linux. If you run Linux, you should know that extensions have pretty much no use on Linux, they are just for organisational purposes. Linux uses a thing called magic numbers to detect what type of file it is, among other things. Linux users boast that they don't get viruses because Linux doesn't carry the same type of permissible binary execution as Windows, letting things in that shouldn't. This being said, you could stick the .exe extension on a rather nasty shell script and have an unknowing user run the script and, boom, you have infiltrated the system. This user might have been told that running an exe on Linux wouldn't do anything because Linux can't get viruses. Luckily, it isn't this easy.
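An added example (not from the clamav-users thread) of checking content by magic number instead of trusting the extension: it flags files whose leading bytes disagree with what the name claims, such as a shell script named .exe. The extension table and the sample files are assumptions made up for the example.

```python
import os

# Leading bytes ("magic numbers") of a few executable formats.
MAGIC = (
    (b"\x7fELF", "elf"),    # native Linux/Unix binary
    (b"MZ", "pe"),          # DOS/Windows executable
    (b"#!", "script"),      # interpreter line such as #!/bin/sh
)

# What an extension claims the file is. Hypothetical policy table for this example;
# "data" means the file should not start with any executable magic at all.
CLAIMS = {".exe": "pe", ".dll": "pe", ".so": "elf", ".sh": "script",
          ".txt": "data", ".jpg": "data", ".pdf": "data"}


def sniff(head: bytes) -> str:
    """Classify content by its first bytes, ignoring the file name."""
    for magic, kind in MAGIC:
        if head.startswith(magic):
            return kind
    return "data"


def mismatch(name: str, head: bytes):
    """Return a finding when the extension's claim disagrees with the content, else None."""
    ext = os.path.splitext(name)[1].lower()
    claimed = CLAIMS.get(ext)
    actual = sniff(head)
    if claimed is None or claimed == actual:
        return None
    return f"{name}: extension {ext} claims {claimed}, content is {actual}"


def audit_tree(root: str) -> list:
    """Walk a directory and report every file whose name and content disagree."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(folder, name)
            try:
                with open(path, "rb") as handle:
                    head = handle.read(4)
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            finding = mismatch(name, head)
            if finding:
                findings.append(finding)
    return findings


# Constructed samples: (file name, first bytes of content).
SAMPLES = [
    ("setup.exe", b"MZ\x90\x00"),               # PE header, consistent with the name
    ("invoice.exe", b"#!/bin/sh\necho hi\n"),   # the case from the post: script named .exe
    ("photo.jpg", b"\x7fELF\x02\x01"),          # native binary behind an image extension
    ("notes.txt", b"hello world\n"),            # plain data, consistent with the name
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(mismatch(name, head) or f"{name}: ok")
```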

Another thing we have been talking about is Intel processor emulation on non-Intel chips (including, but not limited to, cellphones, AMD chips, smart phones). On Linux-running *phones, there is Intel-processor emulation to run certain binaries, so viruses that wouldn't normally affect system X do indeed affect it because the said virus affects Intel-based chips (including emulation). Even Linux-emulation on Windows emulates an Intel chip. Security experts probably saw that sharing this single characteristic was a bad idea, but alas, history is just a bunch of mistakes to learn from.

I guess the point of this post is to say that, even if you are running a supposed "secure" OS (/me looks at the Mac fanboys), you can still get viruses. Sure, it may be _much_ easier on one platform, but if the virus isn't platform specific, but architecture specific, you might be in for quite a ride. As far as I know, this hasn't been made yet. I wouldn't want to be the guy that has the unfortunate luck to find it though, so don't just blindly say you can do whatever you want because you may just be the one to discover this new virus. Be careful, make sure you trust the person sending you _any_ type of file on any OS.

Good/Bad things

Good: The Ubuntu devs put out a barebones squashfs. This is nice because the only bloat is in the kernel. I just have to unsquashfs it, mount the necessary devices for internet and such, chroot, do what I will, exit, mksquashfs, mkisofs, and boom, boot to QEMU.

Bad: It is of the latest development release. IE: Hardy Heron, which isn't stable. I can't get it to boot in QEMU/VirtualBox and I have no CDs to burn to test it on my lappy.

Saturday, January 19, 2008

Seriously?

I have been perusing the chntpw code tonight because I would like to start a small GUI for it in C# (or standalone would be best). It isn't very pretty code. At all. Take using #if 0 #endif to keep a block of code from executing rather than just commenting it out. A) That is more typing than just commenting it out and B) it creates unnecessary byte-code. This is used 16 times in ntreg.c. I understand the debugging purposes behind this _before_ releasing the final source, but this is a final release.

Also, the original author doesn't like spaces or common sense.

int dirty=0,to,from,l,i,j,wlen,cofs = 0;

He declares dirty and gives it a value of zero, then declares 7 more ints and gives them a value of zero.

int dirty = 0, to, from, l, i, j, wlen, cofs = 0;

Whitespace in C doesn't matter, so make your stuff easier to read please?

I know this is just a preferences thing, but when he had only one line following an if/for/while loop, he just put the following line of code on the same line:


int find_in_buf(char *buf, char *what, int sz, int len, int start)
{
    int i;

    for (; start < sz; start++) {
        for (i = 0; i < len; i++) {
            if (*(buf+start+i) != *(what+i)) break;
        }
        if (i == len) return(start);
    }
    return(0);
}


Don't do this, it is bad for your health.

A bit bored

I just submitted a patch to Jordi Mas to fix the totalling bug in the Operator puzzle in gbrainy. I wrote the puzzle while I was in Germany this Fall, but haven't had time until lately to fix the bug. Coincidentally, the puzzle had been excluded due to the bug. I think I am using a different version of aclocal because the patch included a bunch of aclocal.m4 changes, even from a fresh SVN checkout. I sent the patch with the aclocal.m4 info in it and told them if there was something wrong, just let me repatch it with whatever they used.

I don't think I will be getting the job at Guru Labs. I haven't heard back from the admin(s) in about a week. I won't hold my breath, but it would be nice...

I have been hanging out in #clamav lately and some people have expressed a need for a CD like the OpenDiagnostic CD (which I have yet to look at this week :-(...), but with just ClamAV. I might try and do that tomorrow, it shouldn't be more than 200 MB, which is nice, but less than 180 would be best, as it would fit on a business card CD.

Went and saw Cloverfield last night with Geoff, Geppy, Nigel, and a friend of Nigel's. I thought it was really good. Very different from what has been the norm for monster movies in the past 10 or so years. It was left wide open for a sequel, maybe another "found video".

Wednesday, January 16, 2008

Still going on

So, I never checked the web host's site to see what OS the servers are. They are running Red Hat, so I am downloading Fedora 8 right now. Hopefully, the shared libs will be in the correct place and all now.

Tuesday, January 15, 2008

TorrentFlux on VolatileMinds (pt. 2)

Still working on TorrentFlux, found out what I need to do. For some reason, the webserver doesn't have GLibc 2.4, just 1.2. When I compile Python, I have the libglibc2.4-dev, so I am creating an incompatible standalone installation. I am installing Debian Sid in a VM and will install libglib1.2-dev, then compile python.

To find out what OS the server is running (404 wouldn't tell me), I wrote a little PHP script to run uname -a:

$uname = system("uname -a");

It prints:

Linux host2.wildcatservers.com 2.6.9-42.ELsmp #1 SMP Sat Aug 12 09:39:11 CDT 2006 i686 i686 i386 GNU/Linux

So, I am assuming it is Debian (the GNU/Linux part).

Hopefully, this will be the end of the Python problems (that was the only error I was getting).

EDIT: It has nothing to do with GLib, but the OS being compiled on. More on that later.

Monday, January 14, 2008

TorrentFlux on VolatileMinds

I have unlimited everything on volatileminds.net. I figured I could use that to help out Ubuntu and install TorrentFlux, grab the Hardy Alpha 3 releases, and seed them. I was wrong. The server that volatileminds is on gives me this error:

Warning: is_file() [function.is-file]: open_basedir restriction in effect. File(/usr/bin/python) is not within the allowed path(s): (/home/vminds:/usr/lib/php:/usr/local/lib/php:/tmp) in /home/vminds/public_html/torrents/settingsfunctions.php on line 188

I am working on the fix right now, I think this should be pretty easy... Grab the Python 2.5.1 source on my lappy, compile it with the --prefix=/home/bperry/python, then upload it to the server and point TorrentFlux to the freshly compiled Python. Will post back if it works. :-D

Sunday, January 13, 2008

ClamAV Tutorial for Ubuntu Gutsy

I have been writing some tutorials lately with the intent of publishing them here, but then realised most of the people who read this probably don't even care about virii, especially on a Linux server. I have talked to Christer Edwards and he said to go ahead and send him some tutorials and he will see what he can do (he runs ubuntu-tutorials.com). I figured I would at least link to the tutorial here for gits and shiggles. Link. If anyone finds any problems with it, please tell me so I may correct them.

Ubuntu Meeting Today

We have an Ubuntu DFW Team meeting today and being the team leader, I must tell everyone I know. So those reading this on Facebook, we will be at Java and Cha in Plano (off Coit Rd) starting at 3. We will be discussing things like OCAM, Hardy bug submissions and triaging (and fixing for a select few programmers in the group), and generally having fun, eating cheesecake, and drinking tea. The meetings usually end ~6-7 PM and consist of me and just a couple 3-4 more guys.

Saturday, January 12, 2008

I am very disappointed

I just realised last night after looking at the OpenDiagnostic CD website that I haven't even looked at it for over a month. At all. That would be a bad thing. I really enjoyed working on it because not only did I learn more about Linux in those couple months than I did in the whole last half of last year, but it definitely made work easier (probably increased my efficiency ~30%). I never wrote any documentation for it and there isn't even a tools page, just a home page and downloads.

I have made a late New Years Resolution to work on the CD this year for at least one day a week (that is only four days a month).

Thursday, January 10, 2008

Controlling the weberweb

Do the Asian language speakers/writers out there write from left to right, but read right to left? I was at a conference one time and was really bored and remember watching the guy in front of me writing in some Eastern language (obviously of Asian descent) from left to right. I then thought to myself, "I thought they read right to left..."

Someone, please tell me how this is done? Thanks.

Wednesday, January 9, 2008

Be careful what you type for...

I have been working on the login PHP scripts and such tonight and security isn't something I am worried about right now. That being said, I do employ md5()'d passwords from the beginning for clarity purposes.

About an hour ago, I had finally gotten to a testing point to make sure all the logging in would work with the user id's in the database and all the pages that I have created redirected correctly if there was no cookie set or went to the right places if it was set (correctly). I tried to login the first time and it came up login failed. I was pretty sure I had typed in the password correctly (user ID was 1, can't get that wrong), but I tried it two more times just to be sure. I ran through the source of all the PHP files and couldn't find out why the form wouldn't let me login. The only file I hadn't checked was install.php. It sets up all the databases and the default Administrator account and password. Sure enough, I had made a typo in setting up the employee database.

What I had put was:

$create_tables = "CREATE TABLE employee( ".
    "empid INT NOT NULL AUTO_INCREMENT, ".
    "empname VARCHAR(50) NOT NULL, ".
    "emppass VARCHAR(30) NOT NULL, ".
    "PRIMARY KEY(empid))";


Can you see what I did wrong? For those tech-savvy enough to see, it really isn't very blatant. For those who aren't very tech-savvy, MD5 hashes are 32 characters long. I was storing a 32-character string in a 30-character field, truncating the last two characters of the hash. It was coming out looking like this:


mysql> select * from employee;
+-------+---------------+--------------------------------+
| empid | empname | emppass |
+-------+---------------+--------------------------------+
| 1 | Administrator | 21232f297a57a5a743894a0e4a801f |
+-------+---------------+--------------------------------+
1 row in set (0.00 sec)

mysql>


instead of like this:


mysql> select * from employee;
+-------+---------------+----------------------------------+
| empid | empname | emppass |
+-------+---------------+----------------------------------+
| 1 | Administrator | 21232f297a57a5a743894a0e4a801fc3 |
+-------+---------------+----------------------------------+
1 row in set (0.00 sec)

mysql>


The bug was in the absolute last place I expected it to be, but I guess that is how it goes sometimes...

PS: Sorry the MySQL tables get a bit screwed up, Blogger deletes unneeded tabs...
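An added example, not part of the portal's code: a check that could run from an install script to catch this before the first login attempt. It reads the column widths out of the CREATE TABLE statement and compares them with the hex length of the digest that will be stored. The store() helper only simulates a non-strict VARCHAR insert, and the password used is constructed.

```python
import hashlib
import re

# The CREATE TABLE statement from the post, with the original VARCHAR(30) column.
CREATE_EMPLOYEE = (
    "CREATE TABLE employee( "
    "empid INT NOT NULL AUTO_INCREMENT, "
    "empname VARCHAR(50) NOT NULL, "
    "emppass VARCHAR(30) NOT NULL, "
    "PRIMARY KEY(empid))"
)

# Matches "name CHAR(n)" and "name VARCHAR(n)" column definitions.
COLUMN = re.compile(r"(\w+)\s+(?:VAR)?CHAR\((\d+)\)", re.IGNORECASE)


def hex_len(algorithm: str) -> int:
    """Length of the hex digest an algorithm produces (md5 -> 32, sha256 -> 64)."""
    return hashlib.new(algorithm).digest_size * 2


def narrow_columns(ddl: str, hash_columns: dict) -> list:
    """Return (column, width, needed) for hash columns too narrow for their digest.

    hash_columns maps column name -> algorithm, e.g. {"emppass": "md5"}.
    """
    widths = {name.lower(): int(width) for name, width in COLUMN.findall(ddl)}
    problems = []
    for column, algorithm in hash_columns.items():
        needed = hex_len(algorithm)
        width = widths.get(column.lower())
        if width is not None and width < needed:
            problems.append((column, width, needed))
    return problems


def store(value: str, width: int) -> str:
    """Simulate a non-strict VARCHAR insert: over-long values are cut to the width."""
    return value[:width]


def login_ok(password: str, stored_hash: str) -> bool:
    """The comparison the login page performs: md5(input) against the stored value."""
    return hashlib.md5(password.encode()).hexdigest() == stored_hash


if __name__ == "__main__":
    for column, width, needed in narrow_columns(CREATE_EMPLOYEE, {"emppass": "md5"}):
        print(f"{column}: column holds {width} characters, digest needs {needed}")
    digest = hashlib.md5(b"example-password").hexdigest()  # constructed password
    print("login with VARCHAR(30):", login_ok("example-password", store(digest, 30)))
    print("login with VARCHAR(32):", login_ok("example-password", store(digest, 32)))
```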

I am happy

Today, I ended up reloading Ubuntu on my work computer. I was on 7.04 when the day started. I was checking out the status of ClamAV and realised it had released 0.92 officially. I have been on this installation of Ubuntu for a couple months now, and it was a pretty dirty installation. I do a lot of testing on it, software wise. So, I backed up all the customer backups, records, and disc images to an external drive and downloaded a Xubuntu 7.10 CD image. I had left a customer's hard drive in the IDE tray and the external plugged in while I installed Xubuntu. I guess I selected the wrong drive during installation or something because the customer's MBR got wiped, so it wouldn't boot in her computer (easy fix, boot to Windows CD, Recovery Console, fixmbr). Because the installation used her MBR instead of mine, GRUB errored every time on my computer. I didn't have the time to deal with the MBR on my machine, so I just took out all the drives and reinstalled Xubuntu (it only takes like 10-15 minutes, so it was worth it).

After that, I restored all the backups and images, compiled ClamAV 0.92, had to do a sudo ldconfig because I was getting a shared lib error. Then, edited the /usr/local/etc/freshclam.conf and clamd.conf to enable updates and such (don't know why they aren't enabled by default, at least in freshclam.conf). ClamAV has had a much higher detection rate (compiled with --enable-experimental) than Norton has in our little tests/contests at work, but is considerably slower. I think the average scan is ~150 min. Norton is generally 30-45 min. I do find virii that ClamAV doesn't catch sometimes though, so I try and burn them to a CD with descriptions and such and upload them to the ClamAV team to get some defs for them.

I am currently taking a break from the customer portal I am working on for work. I will probably finish the add customer and employee forms tonight with the PHP stuffs included. Will try to finish jobs by the end of the week. When I am done (should be next week some time), our customers will be able to login and see the status of their computers. I really wish our POS was able to be integrated with so we wouldn't have to enter the data twice, but, alas, it isn't. The POS I write will be fully integrated with it. If I ever get around to writing it, that is...

Tuesday, January 8, 2008

Structure is something I am not.

I am not a structural kind of person. If you mapped out my thought-process on a scatterplot, the only thing it would be good for is a game of connect the dots. Because of this, I can solve problems really quickly and efficiently because I do not look in the same place for an answer every time. I guess the only way to really explain it is like a hybrid HDD, those kinds with RAM and ROM. I can remember anything I read, but if someone tells me to do something in X hours, there is a good chance I will forget because my short-term memory is horrible. I can't really explain that part except that when they tell me to do This and That, I stick it in my RAM, then I inadvertently shut down that program in my mind and lose whatever data that program was holding. Now, if they were to send me an email or leave me a post-it note, I will remember what I have to do because I read it.

Another downside to this is I have horrible people skills, though apparently girls think it is cute :-/. Well, it isn't that I have horrible people skills per se, my mind just moves too fast for my mouth or body to keep up with, so I stutter a lot, hurt myself a lot (not bad hurt, just small cuts and such). People perceive that kind of behavior as abnormal or awkward. This happens a lot with customers at the shop, I will forget I am talking to someone not as computer literate as me and I will go off into why the memory addresses correspond to what went wrong because these memory addresses are on the stack and these are on the heap. I know it gets on my boss's and Geoff's nerves. That isn't all, though. My boss and Geoff will be talking about something, then one of them will say something that reminds me of something (it makes sense in my head), but has nothing to do with the conversation that they are having. What happened was, maybe Geoff said the word "hypocrite". I read a story about the Africans and the OLPC project this morning (I heard "hypo", I thought "hippo", then Africa). Then I will say something pertaining to Africa and to them, it has nothing to do with the conversation.

Structure is something I am not, do not expect me to pretend I am.

Saturday, January 5, 2008

Help Wanted

The past couple blog posts, I have mentioned I have been working on a new company website. Usually, after I make some substantial changes, I will show it to Geoff and see what he thinks. Today, he said it should look like the Geek Squad website. I wholeheartedly disagree with this. I feel the Geek Squad website is extremely cluttered. I look at it and think, "Jeez, could they try to fit more content into one page?"... I do not think we should be using the Geek Squad site as any kind of a reference, but more of a here-is-what-not-to-do web page.

Some websites that I do think are spectacular are Banshee, GNOME, and Linterra. Linterra uses Flash, of which I do not approve, but each one of these gets straight to the point. On the Banshee site, within the header, you have one sentence that sums up the entire project. The GNOME project's website isn't as good as Banshee's, but it is extremely clean, no clutter. Linterra is still a bit more cluttered than I would like, but the layout is extremely well-defined. It is obvious where things need to go.

The Geek Squad site is very inconsistent (the content itself is centered in a box that is aligned on the left, outside of the footer which is not centered and the text is aligned to the left). It is not well-defined at all. No predominant bordering, it looks like the content was just thrown in there.

Anyway, I want anyone who reads this to give me a site or two that they think is a very good point of reference for ease of use, UI, and anything that contributes to its user experience. (if you can) Thanks.

Consider the following 2

Auto accidents are the leading cause of death in teenagers aged 15-20. Most teenagers do not get new cars when they get their driver's licenses. They get used cars. Very used and very old cars. I know that both of my cars have been over 20 years old, broken seatbelts, and no airbags. Many teenagers are put into the same position I have been for the past 2 years that I have been driving. They get notoriously cheap and unsafe cars, but their insurance is higher if they get a safer, newer car. Therefore, if these teenagers do get in serious car accidents, they have a much higher rate of death. What is wrong with that picture? My first car was an '87 Chevy. No airbags, seatbelts didn't work (correctly), horn was dismal at best. Luckily, I had no accidents in that car. Then I drove my dad's Kia while he was in the Middle East. No accidents. I now have an '89 Buick Century. No airbags. The pendulums in the seatbelts are borked. My driverside window will fly into my face if I get T-Boned and probably chop my head off. I have had a minor fender-bender in that car. But my insurance is very low. I would like to see the statistics of the rate of death in teenage accidents when they did and did not have airbags or functioning seatbelts.

Thursday, January 3, 2008

No! Not that one!

I have been quite the busy bee lately with work and such. Developed a new site for the shop, just working out the last of the kinks now, as well as the content. Started writing a customer interface in PHP last night for the site so the customers can check the status of their computer(s). Then, Geoff, Adam, and I went to Starbucks for an hour or so and just talked. Went back to the apartment and watched Bloodsport.


On the site, I have some PHP and forms for sending us feedback. I use mail() to send the emails, though it always gets rejected as SPAM. Will try PHPMailer to see what I can do about that.

Finished setting up the databases last night for the customer interface, would have gotten more done, but I didn't A) copy my code over to my laptop so I could work on it at Starbucks or B) install SSH on my desktop so I could login from Starbucks. Well, the latter would have been a pain. Starbucks has a deal with TMobile to charge money to access the internet (except iPhones, and don't get me started on that). It is 9.99 for a 24-hour Day Pass. I have TMobile service on my cell phone, so I don't think iPhones should get free internet at Starbucks. I am giving TMobile like 40 bucks a month to use their services (let alone their ridiculous text messaging prices), I think I deserve to get free internet at Starbucks way more than any iPhone owner. End rant.

I know it is a bit late, but happy new year.