February 28, 2003

Securing W2K

Michael Howard over at the Secure Windows Initiative released a pretty good set of guides on "Securing Windows 2000 Server". You can even grab the security templates and job aids if you know where to look. Overall I am impressed that Microsoft released this information. Consultants who need to lock down their systems now have a pretty good guide to help them.

Speaking of consultants, a congrats goes out to Bear for making the leap into becoming his own boss. I disagree with people that say they can't make their own opportunities, and I am happy to see Barry make the leap. If you need any help at all Barry, let me know. I'll be there for ya in any way that I can.

I am getting pretty frustrated with myself at work lately. I am having a HELL of a time finding a bug reporting system that is extremely easy to use, easy to set up and free. We used to use Bugzilla, but I really find that it's much too complicated. Way too many fields that no one uses or needs for a simple trouble ticketing system for developers and testers. I like FogBUGZ but refuse to run IIS in my network. Joel ported the database to now support MySQL, and I am hoping he will someday port the service itself, so I don't HAVE to use a Windows platform as a server. All my servers are Linux or OpenBSD based, and I use Windows for desktop environments. I refuse to turn that around. It just doesn't make sense. Of course, I can't afford to buy FogBUGZ anyways, but that's beside the point.

There are LOTS of bug reporting systems, and they all seem to suck, or are incomplete. I will not install PHP, so more than 50% of the reporting systems go away, and the Perl ones I saw are just butt ugly. I don't want to see rainbows when I look at bugs... a nice little notification icon will suffice. Maybe someday someone will write a FogBUGZ clone, or better yet.. strip down Bugzilla to something lighter for people that don't need to make queries so complex they drive the CPU to a halt. Chances are I will end up continuing to use Bugzilla... but I really wish I didn't have to.

February 24, 2003

A SILVER Dragon Lies Beneath

I took the Inner Dragon Online Quiz and found out I am a Silver Dragon on the inside. My Inner Dragon is to dragons what the Ranger is to humans. Like all metallic dragons, Silvers rigidly adhere to an internal code of conduct. Each Silver, however, must develop their code individually, a fact which explains their unique dispositions and actions. Silvers are often considered shadows dwelling on the periphery of dragon culture (much like human Rangers), but they can always be counted upon to speak the truth and help their allies. Because no one but a Silver knows what they'll do next, their alignment is "Chaotic Neutral."

Being a Silver isn't all shady head-games, though. I possess considerable intelligence and self-confidence (whether they manifest themselves or not :P ). Magic isn't really my bag, but I'm awfully good at slipping in and out undetected. Which, by the way, is probably due to my slightly-below-average size. My favorable attributes are dependability, durability, problem-solving, mist, and pewter. Like my human counterpart - the Ranger - I'm a superb weapons user and have an especially good command of my icy breath weapon. I know I might be tough to understand at times, but that's just my way.

I found it funny that my nick reflects the dragon I am. Or vice-versa. Still, it was an interesting point. So what kinda dragon are you?

XML Libraries

Well... I think Acrterex breathed on me or something as I am now coming down with something. My throat is sore, my nose is stuffy and I just want to go back to bed. I am sucking back enough orange juice and Vicks cough drops in an attempt to fend off whatever this is before it gets to any real stage of development.

Speaking of bugs and development, this weekend I overhauled my Windows version of ipchains to read and store particular information in XML. When trying to source a good implementation like JDOM was for Java... I found Microsoft's MSXML sucks donkey b*lls. It's an ugly COM object model written in C which just has NO clean result paths if you are writing stuff in a C/C++ hybrid. That and the amount of code needed just to write clean failure code paths on return codes is pathetic and ugly. So I went on a quest and found the Xerces C++ Parser, which does the trick quite nicely. It's cross-platform portable, and also comes in flavours for C, Perl and Java. In the end, it seems to be pretty good. I still like JDOM better, but this implementation is clean and pretty fast. Only drawback is that I have to distribute a 2M DLL for the damn thing. The guys over at the Apache group have been working on this, and when I have time I will sift through the source and see if I can strip that down and get it to something a little more to my liking.... like a few 100K.

My house still hasn't sold. :( The market is booming right now and we have a LOT of interest, but I am guessing the people looking for places right now find mine a bit big. We found a few little places to move to when it's time, but we aren't going to fret about it until this place is sold. We can't afford to move before this is sold. We did that last time and I lost a bundle of money I didn't have then. The Monte Carlo is running pretty good now.... after shelling out over $700 to get the plugs fixed *sigh*. Ends up this car is a "high performance Dale Earnhardt pace car", which everyone seemed to neglect in telling me. So normal things.. like spark plugs which cost normal people a few dollars cost me over $15 a piece. And the plug wiring harness... which is around $70 for normal people is over $300 on mine. And being that it's a V6.... the labour to get to the back plugs is intense (over 2 hours just to GET to them as they are on the back near the fire wall of the engine), so this adds up quickly. I am told though that this SHOULD (cross fingers) be it until the fall.... let's hope. I can't take any more hits like that when I am not expecting it.

I heard today that Salon is appealing to the community to save them from closing down shop. Apparently they have blown through $80 million, and now need to DOUBLE their subscription revenue to BREAK EVEN. Now, the Internet bubble burst a while back, and I can't fathom WHY they haven't gone "skinny" sooner and conserved their cash. Of course, none of us know what REALLY is going on over there to be able to make any kind of intelligent comment on how they run their business, but it will be sad if they just shut down. They should reconsider things and simply skinny down. At least then some of the content could still get published. They say they can't as it will hurt their business.... and closing down doesn't? Get with it.

Of course, I'm not one to want to pay for online content like the Salon (nor do I typically agree or even READ what they send out), but I am sure someone out there must like them. They have like 50,000 subscribers paying $20 to have electrons fired at them. If you are one of them... maybe you should renew yer subscription.

February 19, 2003

Trick yer mind's eye

OK, let's have a little fun with your mind's eye. Stare at the image and try to count all the black dots.

Go ahead... count the dots.

February 17, 2003

Neat Book

Found a new book I want to get. Mission Critical Security Planner published by Wiley & Sons. ISBN 0471211656. (This is more a record for myself than anything useful for anyone else reading this). Now to start scraping pennies together and begin the saving process for ANOTHER book to add to my collection. I must have at least $2000 invested in my security library. When you have no cash (starting a new business drains any resources you MIGHT have had), it hurts even more when you REALLY want to read this book. Oh well... I'll survive.

Speaking of work, if you are an IT guy/gal using Windows XP, Windows 2000 or Windows Server 2003 (beta... you will be an MSDN Universal partner if you have this legitimately) and like the power of Linux's ipchains (in endpoint mode.. not MASQ passthrough), and would like to test a similar command line tool for Windows, drop me a line. I am getting together a beta team for such a tool I wrote, and want to sort out some details before I release this for the world to beat on.

DareDevil was released in theaters this weekend. I REALLY want to go but just can't afford it. Money is so tight while I try to start up another venture it's not funny. I got rid of my Explorer and bought an old used Monte Carlo to get around, and my house has been on the market now for three weeks. Hopefully it will sell soon so I can pay off a lot of debt I have in association with Merilus closing down, and let me start over again. I am so pumped at how things are progressing with the new company, while at the same time depressed to know we are losing our dream home. The way I look at it, it is going to make the success of the new company taste that much sweeter! And we can always buy another "dream home". But first things first.... it's time to move this company along!

On that note... it's time to get to work. TTYL

February 13, 2003

PGP Keys

You know I have had a PGP key for over 5 years, and it finally expired on me. I haven't used it much other than for file encryption because there hasn't been a clean way to integrate it into mail. When I was using Netscape mail under Linux there was no easy way. Eventually Seahorse came out for Gnome and was a nice interface for GnuPG to at least keep me off the CLI. Lately with my development being on XP I have been forced to use Outlook Express, and Zim's new PGP 8.0 will not work with OE 6... which really pisses me off. I have had to use gpg through cygwin to get anything done.

Recently with my communications with the National Research Council (NRC) and the Communications Security Establishment (CSE) I have had to revert to using PGP encryption again for both documentation and communications. Kind of refreshing actually... since X509 certs seem to dumb down people's thinking that any attached documents which are signed and encrypted will be secure once they "save to disk"... which isn't the case at all. Anyways, I got to a point where I was curious to see if any conduits existed (glorified MUA plugins) and sure enough... I found one for GPG and OE.

The fellows over at WinPT have written the GPGOE plugin for that specific purpose. And it works pretty well. There is a conflict issue in that you cannot digitally sign with X509 certs when the GPGOE DLL is running... but that's easy to turn off so you get the best of both worlds. I had a problem when digitally signing an attachment, and I will need to check out what happened to see if it may be an issue with my keyring or not.

With the new company started, and my old key expired I decided to generate a new 2048 bit key yesterday. If you would like my new GPG/PGP key, you can get it here.

With that said, I need to go take care of getting some documents to Ottawa. I'm outta here. L8r.

February 09, 2003

What OS are you?

Which OS are You?

February 02, 2003

DVD Night

Last night my wife and I decided to stay home and watch some DVDs. We rented The Bourne Identity, The Scorpion King and Unfaithful. Man, talk about different types of movies. The Bourne Identity was excellent, and Matt Damon did an awesome job. He played the part of a CIA assassin really well. It would be interesting if they came out with a sequel.... but I doubt it. We then watched The Scorpion King.... which reminded me why I wasn't much of a wrestling fan. Even in this movie.... the Rock can't act. I know they MEANT to make it kinda silly and funny while entertaining... but I didn't really enjoy it after just watching Matt kick ass. Now Kelly Hu... acting as the Sorceress, can traipse across the screen ANY time in that get up. We finished off with Unfaithful, which was a suspenseful drama my wife enjoyed more than I did. Although I must admit... as Richard Gere movies go... it wasn't too bad. Weird ending though.

Finished up the cash flow model today and sent it for a second review. Except for some depreciation of capital asset calcs (don't recall them off hand) it's pretty much done. It wasn't all that hard once I approached it using historical numbers I can easily defend with proof, tied together with industry standard numbers for growth patterns of new software companies, and then cross referenced with supporting research from IDC. I don't understand how it takes some people MONTHS to do this stuff. In a matter of a month I have incorporated the business, completed a new 50 page business plan including a separate executive summary and a complete cash flow model on top of a 34 page functional design spec (with 3 different sets of external reviews already), a 12 page value proposition and market research document, an 8 page SQL Slammer Business Case, complete Threat Model documentation and all the supporting research. I also finished all the logo design, business cards etc. while still getting some time in for some initial research code development and about 15 different meetings in Vancouver. It's been a very busy month... and very productive.

This month is no different. I've got a tonne of stuff to get done before I really start cranking out code in March. With that said.. I should get some sleep as tomorrow is the start of a new work week. TTYL

February 01, 2003

Honor. Courage. Respect. Admiration.

You will not be forgotten.

My prayers are with the families of the courageous people of NASA. You may not have made it safely to Earth, but you have made it safely home.

