May 30, 2003
Sounds of Music
And I hope I never hear it again. I lost a few minutes of life on that link... so can you. (And no, I will not refund the time lost)
P.S. to Arc: I just finished watching the Half Life 2 demo. *WOW* Although I still think Doom3 looks prettier, the AI and physics in Half Life 2 looks awesome. Especially the bio 'nade to call up the evil monsters!
May 29, 2003
Shall I 'Recruit' you for a Dinner and a Movie
Just finished saying goodbye to Arcterex and Firefly. They came over for my wife's awesome lasagna, and the opportunity to watch The Recruit, which just came out on DVD.
Awesome movie. Outside of some silly 'Movie OS' style issues surrounding computers, the movie as a whole has enough plot twists to make your head spin. An excellent movie to end the night with. I completely recommend it if you are into the 'thought you understand it' spy movies. This is no 007 caper, this is dirty espionage the way only ever told in dark alleys behind the Kremlin.
Right now I am waiting for the Half-Life movie (25 min one) to finish downloading from Arc's server, and browsing the net looking for a better torrent file for RTCW:Enemy Territory for Windows. If you have a link to a torrent that's not from ID(Their's keeps timing out on me), let me know.
RTCW: Enemy Territory Released!
Well, its not Doom3, but id released Return to Castle Wolfenstein: Enemy Territory to the world recently. They are giving it the full version away for FREE, so happy downloading. Personally, I am just waiting a bit and will use the BitTorrent link when everyone settles down, and has it in their seed/clients :)
Posted by SilverStr at 08:44 AM
May 28, 2003
Drawbacks of Cyberfriendships
Over the past 12 years I have more and more emmersed myself in cyberspace. I have grown to basically live here, working and playing on a daily basis.
It's weird, but I have way more cyber friends than I do physical "real world" ones. Although some of them are both, most live so far away I am lucky to see them even once a year, if at all. Hell, Tim(/me waves) and I have never ever met, and we worked together for years.
And I think that is the draw back to such friendships. When you just need to get together after a crappy day and whine about it over a beer or a coffee, you just can't do it. After the hellish closure and failed rekindling of Merilus/NetMaster, my friendship with my best friend ended up with such a large wedge between us we seem to barely be able talk to each other. And when I look around now, I realize after so many years being reclusive in cyberspace and my work, all my close "real world" friends have moved farther and farther away, making it impossible.
Maybe thats why I find blogging so therapudic. Even though I can't really blog my deepest and darkest thoughts and feelings, it still seems to be alright.
Of course, I think I really need to get out to that big blue room and find some new friends, because I like going out for a drink... and hate drinking alone. And driving like 30 minutes to an hour just doesn't seem fun to me all the time. Oh well, I guess I should suck it up and just get back to this corona and my kernel debugger.
Novell just gained ubber points
I hate SCO. They are putting such negative pressure on the Linux industry it isn't funny. This is their core business now, as no one wants their linux distro, and few people use their Unix package.
When we started a freenet MOONS ago, Grayden and I fought long and hard at our first meeting to use Linux as our server's OS, but lost out to ignornance when Limos won out by donating a huge seat license of SCO Unix which included support, donated by the military. Funny thing was about 8 months later we moved everything to Linux *lol* I hated SCO then, and I hate them now. (Although as Unix goes, SCO Unix wasn't that bad).
Today though, is a good day. Novell came out and smacked SCO back into the dark ages. SCO does NOT own the copyrights to UNIX. Novell does. SCO only has the RIGHTS to sublicense.
So there still may be merrit for Sco to chase organizations like IBM down who have breached a licensing contract with them, but they can't do diddly with my Debian boxes. You can't sue someone for breach of contract if they don't HAVE a contract with you!
Of course, the damage is done. Many organizations have had the bad taste of the law suit, and have moved on. But for those who stuck it out, I think this may be a glimmer of hope. Far from over, but still hope.
Lets all chant the graces of Novell, even if none of us use NetWare anymore.
Posted by SilverStr at 09:48 AM
May 26, 2003
Weekend Wrap Up
Well, not much of a weekend. Spent Saturday with my daughter cleaning the garage and stuff. Went out to Langley on Saturday night to play some cards and visit with friends. Damn construction for the new Safeway almost had me bottom out my car when I went around the corner right into a huge pothole where they are doing road reconstruction.
On Sunday I was expecting to go see Bruce Almighty with some friends when they got back from Seattle (and pick up some much needed ram), but apparently they decided to go without me. Bastards. Fine... be that way. :P So instead I decided to work and sit in the bowels of my kernel debugger.
Picking up the ram is somewhat important. I put an order in with Arcterex when he went hardware hunting and picked up 512 Mb for like $75 bucks. Just got to get it from him now. (Assuming he hasn't stolen it to take to work so he can have some sort of working machine) That will bring up my total to either 1gig, or 768Mb, depending on if I can just add the stick, or have to pull one out. Haven't cracked the box yet to find out. There needs to be some sort of software to tell you the ram configuration WITHOUT having to crack the case. Be nice to tell you which bank has how much ram. Guess I will find out the hard way.
The amount of ram may seem excessive, until you realize right now I am burning through about 780Mb, which is swapping like crazy when you only have 512 Megs. Once you get your favorite Internet/email suite going, a vmware session going mad, Microsoft's compiler, WinDbg, about 5 bash/vim windows going (oh ya, and winamp) you start eating up anything you can get. I would upgrade the processor, but that would mean a new motherboard, and I can't afford that right now :(
Hopefully the bump in ram will help a bit. I don't really wanna buy a new machine until the Doom3 specs come out, as I just know that is where my next "gaming" bug will come from.
Until then, I guess I should get back to work. TTYL
May 23, 2003
Pushing the boundaries at Universities
Last night I guest lectured at the local university, doing a talk on STRIDE threat modelling and how to write more secure code. Talk went over ok I guess, but I could tell many of the students still haven't "figured out" that security is important.
Today, as I do my daily ritual of /. goodness, I came across an article where the U of C (my old stomping grounds) is now going to teach how virii work, and even how to write them. As usual the anonymous cowards (well most posts actually) bitch and complain about it, and start throwing around anti-canadian sentiment. *sigh*
I actually think U of C is bang on. Here is a quote in my slide presentation I did last night on Threat Modelling:
I hold to this. In their case, you can't STOP a virus, unless you know how it works. No one criticizes the same approach in medicine when people make flu vaccines. In case you didn't know, they "play" with exisiting virii to basically build a vaccine of a milder case of the flu to inject you with, then allowing your natural white blood cells to create antigens to fight off the actual flu. Sometimes, they make evil strains that are hard to almost impossible to stop. As they do it in contained and confined labs, there is a level of protection to allow them to do such things safely. Same goes for these digital virri in the isolated lab at the U of C.
Anyways, kudos to the U of C. Hopefully the program will help create better developers that will understand the threats they are suceptible to, and thus create better quality code to fight against it, and in the end make a more safer computing environment for everyone.
Posted by SilverStr at 08:37 AM
May 21, 2003
Sometimes human nature amazes me
So today I am sitting here complaining to my wife about the crappy weather we are having, when low and behold I find some info from Arcterex's site about a guy named MJ who has braved a trek across the US to come up to Vancouver to continue his studies! He speaks of the beauty of my backyard, and I quickly remember why I love it here so much.
With any luck, he will have no troubles getting across the border. To bad we didn't have a welcome wagon for him at the border now that we know what the car looks like, as well as him.
Anyways, every canuck out there should give MJ a shout out and welcome him to the country. Anyone that makes such an effort to come up here to study deserves it.
Posted by SilverStr at 03:10 PM
Toys I can't afford
Had me remembering the TungstenC I want so badly. *sigh*
Why do I put this in my blog? To remind myself I need a new PDA and need to figure someway to buy it. If you are some rich tycoon bored and reading my blog, please buy me this. I will be your friend forever!
Hey.. I can dream... can't I?
LOTR: Return of the King
/. had a link to some stolen E3 footage of the ROTK. Although the quality is pretty poor, it still gives a glimpse to what is to come. I can't wait.
Posted by SilverStr at 11:06 AM
May 20, 2003
Canoes, Camping and everything Outdoors
*Warning.... long entry*
Well, in case you haven't noticed I haven't blogged for a while. That was because I left the den to brave the great outdoors. Been a while since the guys got together for our annual camping trip (which yours truely has kinda neglected in the face of being so busy in the past while) and we decided to make sure we did it this May long weekend.
As you can tell by the fact I am writing this, I survived. Not only that, I am back, recharged and energized after being in all that BC fresh air! If you don't care to read about the trip, you are welcome to just go check out the image gallery.
Still with me? Good show. Well, the trip started off a little late. We were supposed to be mustering around 10-11 am to start the trek out to the lake, but we didn't actually get out of Chilliwack until like 4pm. We all decided to go see the Matrix Reloaded with other friends the night before, and as such, ended up not getting in touch until the next morning... when we were SUPPOSED to be already packed and going. By the time we did muster together for lunch at 2:30pm I realized that my CB needed a new car adapter, and later also realized a fuse was blown and had to replace it. All is not lost... radio shack was my friend and I got it all patched up and we were off.
The drive itself was uneventful. We took the canyon and was on pavement the whole way there. Kinda wished we could have 4x4 for a bit, but leaving as late as we did it didn't make sense to. We arrived at the BC Hydro camp site at Seaton Lake around 7, by the time we went and checked everything out.
Side note: Consider checking out some of BC Hydro's camp/recreation sites over forestry camp sites, or even public(yuk) camp sites. They are FREE, clean and even supply wood. Well, atleast Seaton Lake did. Was a pretty good site, even if it wasn't directly on the lake.
We spent two days making sure we got a chance to get some canoeing in, even in the face of swiftly changing weather (damn weathermen can never get it right). Seaton Lake is a beautiful lake, with a crisp green hue that is almost hypnotic. Of course, this is because it is so damn cold being glacier fed and all. Falling in wasn't an option and lucky for me my canoe partner was Doug, so we didn't have to take Bailey(Rick's energetic Labrador Retriever), in our canoe. I could tell everytime the dog moved in their canoe as the thing would start to tip. They stayed dry amazingly enough, and we all had a good time.
One neat point in one of the canoe trips was a hidden abandoned cabin we found on the side of the lake that has train tracks. I got a few shots of it in the gallery if you want to check it out. Seems like an amazing spot for a cabin. To bad it's so close to the tracks. I would gather the rail company bought the land and never bothered to perserve such a beautiful architectural masterpiece. (Hey look beyond the weathered wood and imagine how that looked in its day... wow).
The only regrets (if you wanna call it that) about the trip was I was hoping to have some time to myself to enjoy a book I took up there, as well as some Anthony Robin CDs (Get the Edge, his new set). Instead we hung out together and enjoyed the canoeing, some killer frisbee (until you see how Bailey can kill a frisbee, you won't know what I mean... you had to be there) and drinking around the fire. Got a bit of reading in, but it was just to loud to really be a 'relaxing' read the way I would like it. Rick had the right idea and just got up before everyone to get some reading in.
I could go on and explain the trip in greater detail, but the fact of the matter is that unless you were there, its really not easy to talk about. We saw lots of wildlife, enjoyed an evening of star gazing (awesome up there with little light pollution), enjoyed two days of canoeing and basically had a great time. Just the right amount of days to actually enjoy it all. And get back to civilization and the hustle of life. Which reminds me, I have a tonne of email to go wade through.
May 15, 2003
All I can say is HOLY CRAP, WOW! WOW is just not enough to encapsulate it. Nor could any of my words. Due to so much "spoilerage" I will refrain from saying anything more until next week about it.
Oh one hint. Stay AFTER the credits. There is a secret trailer after all the credits finish of the next sequel, Matrix Revolution.
While surfing I found this funny promo for the Long Beach Film Festival. Arc asked I put it up so he can check it out later. You should to.
Awesome Doom3 Trailer
There is so much I could say. But Arcterex covered it all, including the sweetness of BitTorrent (I got like 300 kB/s when grabbing the Doom3 trailer)
May 14, 2003
OK, here are some funny flash movies I have been snickering at lately:
Stickman Fighting Fun (This guy always has kewl fight scenes)
Spank the Monkey (Keep it in your pants...)
"Cat"apult (Fun game)
Behind Microsoft (Old, but still kinda neat)
Iraq2 Game (Be a world dominator)
Duck and Cover (What our parents learned during the cold war)
Suicide Bomber Game (How many can you take out?)
Transport in a BMW
Watched Transporter last night. Wicked movie. As a true BMW fan, it was nice to see one actually put through its paces. The fight scenes were a combination of Jet Li style and Jackie Chan, done by a white guy. Not to shabby.
For those who have seen it, what did you think about the bike pedal scene with the oil? Ouch. Definitely a first in fight history.
Well worth the $0.99 I spent renting the DVD on Tuesday. If you haven't done so yet, pick it up. Not for the plot (as predictable as it was) but for the shear non-gore action.
Posted by SilverStr at 09:10 AM
May 13, 2003
Light on, Light Off, Light On.. you get the picture
Ahhh, the power of the electron. Information is nothing more than 1's and 0's. On or off. Alive or dead. As a programmer I sometimes feel like an artist, sculpting binary data into a great work of art, designed to solve some sort of problem. Then again, some days I think all I am doing is welding a couple of beer cans together and calling it 'cultural art'. Other people do that for a living. They are typically called PHP scripters. You get the picture.
Anyways, today was a pretty good day at work. I finally got around to doing fast low level bitwise ops on raw memory to quickly be able to determine if an IP address is within a subnet range. I ended up with some clean, and somewhat easy to understand code that looks something like this:
network = raw_range & mask;
broadcast = network | ( 0xFFFFFFFF & ( 0xFFFFFFFF ^ mask ) );
if( ip > network && ip < broadcast )
You get the idea. Those three little lines save tonnes of iterations and function calls by simply accessing pointers to raw memory.. and is required since I don't have access to any user mode libs that do this for me. Then again, being that I rolled my own its also got the benefit of being faster, and smaller than some monolithic library or module.
I have to admit this has been kinda fun. It's nice when you accomplish something like this without the need for a vendors library or built in API. I think we rely to much on other people's code and use the blanket statement of 'code reuse' without really understanding the implications of it. Come on, I know some really bright developers who are perl module sluts (/me waves to Wim) and rely on stuff that is already out there. This is actually a great way to get things out fast, and has its place. But it doesn't mean that from a quality point of view that its better... or worse...
Atleast, not until you start writing kernel-mode code, and you realize you can't rely on such things, and you need to go back to the raw basics at the bare metal. Now I realize WHY operating systems, compilers and drivers are written in C, and C alone.
Yes, I am nuts. I just I hope I don't end up with any ticks or looking like many other kernel developers Alan has commented on recently.
Posted by SilverStr at 06:31 PM
May 12, 2003
Spent the night at the local LUG and watched Revolution OS. Not a bad movie. Sure shows who the egos are in the Open Source community. You would think Linus would be, but its actually the guys around him.
Work has been frustrating, yet productive. Finally getting the hang of coding within actual memory code pages and using raw DDK. Although the learning curve has been steep, I already can think of 4 other kernel-mode projects I gotta work on. No rest for the wicked. *sigh*
Took last Friday off and spent the 'long weekend' with the wife. Had fun watching 'JackAss the Movie'. I thought it was going to be stupid (which it was kinda), but it was outright hilarious. Snorting wasabi is just crazy.
Well, I need to go get some sleep. Will be heavy into the debugger tomorrow as I now work on some funky code to speed things up to do look up compares. I really wish I knew how to bsearch two keys in a linked list quickly... and still maintain the sequence in the list. Since you can't qsort a chained linked list... its absolutely out. Oh well... I'll go sleep on that.
Posted by SilverStr at 11:59 PM
May 09, 2003
The bandwagon has officially stopped
Posted by SilverStr at 10:20 AM
May 08, 2003
No rest for the wicked
NOTE TO SELF: You wanted to to be a Lord of the Ring Zero. You deserve the misery and pain.
Yes I wanna bitch. But I only have myself to blame. I wanted to get into low level driver development, basically writing to the bare metal, because very few people were doing it, and it was the only place to really make a difference for security on the Windows platform. I'm ok with the steep learning curve, actually enjoying the challenge.
But I NEVER thought I would have to write my own primitive functions. What do I mean? Well here is a tip for anyone wanting to get into Windows kernel development. You can't use ANY of the Windows API during code development. Winsock is right out. Win32 is right out. As is all the nice helper functions for the API etc. You MUST find a DDK equivelant, or write your own.
This morning I was forced to write my own inet_ntoa function. Decided to do it first with gcc to test it before I would put it in my driver. Worked great. Even did nice safe string functions to make life sweet. Then I decided to port it to the kernel. *UGH*
Here is one line to show you what I mean:
See what I mean. Notice the comment? Yes, even basic primitives like _snprintf doesn't exist.. forcing me to use this ugly beast. *sigh* It works though, and that is all that matters.
Posted by SilverStr at 05:19 PM
May 06, 2003
Unclassified NSA Documents
I have had a chance to look at the XP docs, and they look pretty thorough.
Posted by SilverStr at 07:31 PM
May 05, 2003
Words to live by
"The ultimate measure of a man is not where he stands in moments of comfort, but where he stands at times of challenge and controversy."
- Martin Luther King, Jr.
Amen to that.
Posted by SilverStr at 06:19 PM
May 04, 2003
Virtual emulation dreams
Arcterex recently has had the luxury of playing with Macs again and looks like he is falling in love. I am already there, but just can't afford one. I could justify it if I was developing on it... but I am not... yet.
Has me thinking though. I spend a great deal of time developing on an Athalon 900 with 512 megs of ram, using VMWare as a test platform which I give just over 200 megs to. This is mostly because most of my code now adays is kernel level ring0 code which easily can crash/lock up the system, which makes an emulator that much nicer. I wonder if I could still do my Windows development while on a PowerBook if I fed Virtual PC my environment and tested that way.
Theory is, I would be doing nothing different, hold that to my dev envrionment actually being the test environment as well. Might not sound as bad as you think.
I just wonder how stable and fast Virtual PC is, and if I fed it 256 megs of ram, how comfortable I would be developing in it. Wonder how far I could take that.... maybe even further.
1GB/ram OSX -> 512M/ram XP through Virtual PC -> 225/ram XP through VMWare. Theory is.. thats exactly my system now (without OSX of course). Wonder if you can emulate that deep. *shutter*
Anyone know if this is possible?
May 03, 2003
MSI, X2 and some other acronyms
Yesterday was pretty busy. Started off with me getting ready to head to Vancouver at 6 in the morning, only to go psyco running around the house to find my wedding ring. Somehow, somewhere it went missing off my desk. Not sure how. But it sure is depressing to even think it was stolen by some kids that were here. I typically take all my jewelry off when at home, as its more comfortable to type without my ring or watch on... and I am starting to regret that now. :( Anyways, still haven't found it... lucky I have a wife that understands. She wonders if maybe the cat did something with it... hope not. I hope it just fell off my desk and is hidden in plain site or something. *sigh*
Finally got on the road just before 7, and headed in. Drive wasn't to bad, hold that to a screw up at the Tim Horton's in Abby... giving me some gawd aweful mixture that WASN'T a Cafe Moca. Made it just in time to sneak in before the start of a seminar hosted by Wise Solutions on .MSI migration with Microsoft's installer technology. Was pretty good once I found out their installer finally supports security permissions and ACLs per file. FINALLY!
Seminar ended at lunch, and I rather enjoyed sitting in the sun, eatting some take out japanese teriyaki while watching the cruise ship passangers in bikinis and sneakers grace Vancouver's presence. Except for the lady that was like 70 who was doing it, it was quite a view. (Hey lady, bikinis are a privilege, NOT a right.)
Headed out of Vancouver and down to see the Chief. After enjoying good conversation, some mentoring and a spot of Earl Gray tea in the Rose Garden I headed off over to raskal's to see what he was up to. Always nice to see him, and rather enjoyed the short time we had. After a reminder call from Arcterex that we were marshalling at his place before heading to mission for sushi and XMen2 it was time to get in the car, and see what she could do.
About 10 minutes later I was at Arc's place(yes, my car CAN hit 140 in no time flat)... I just missing him. Finally hooked up with him at the Sushi place in Mission/Maple Ridge and enjoyed my first plate of "Hot Dog Tempura". I'm not kidding. Kinda like a corn dog, but not. Anyways, snarfed back some rolls, tempura and tea... and headed to the movie.
Movie was great. I won't spoil it for those who haven't seen it, but it was quite enjoyable. But I think Matrix Reloaded will be better. We will know in 12 days!
Until then, I will emmerse myself in my work. Lots of stuff happening. Which reminds me, I got up early so I could update a new functional design spec for part of the new stuff I am working on. I should go do that. TTYL
Schimdt to work for eBay!
So, Howard Schimdt leaves Microsoft to basically build the security infrastructure for the Department of Homeland Security. Shortly after he realizes the politics may prevent him from doing any real work, and he resigns. That was like to weeks ago.
Today I found out why. He's going to be the VP of Security at eBay. I am guessing eBay has a bit to much fraud (didn't some Ufies try selling someone online a few times??), and believe Howard can change corporate policy and fix that. Guess we will have to see.
Don't blame him though. I am pretty sure he got a pay raise.. and may even get a Segway!
Posted by SilverStr at 07:17 AM
May 01, 2003
Great security engineering column
Michael Howard released a neat column on Integer Manipulation vulnerabilities, and methods to audit code and fix such flaws. Recently there has been a bunch of int overflows in OpenSSH, Apache, RPC etc... and this column came at the right time to address the issue.
Anyways, if you are into security engineering, you REALLY should read this article. Well actually, if you are a programmer of any kind, you should read it anyways.
Posted by SilverStr at 03:32 PM
MS Looks to Outsource Security Testing
Atleast they are now thinking about it. In time, they may even take action and do it. I cannot fathem why with all the money they have that they don't have a bigger testing environment for patches. Especially since they already acknowledge such huge costs doing rolling out such things.
With their Trustworthy Computing Initiative, hopefully Mike Howard and the crew at the Secure Windows Initiative department can beat the MS programmers and team leaders into submission and increase the quality of code and reduce the amount of bugs in WS2003. Even with that though, outsourcing testing is a pretty good idea, as they SHOULDN'T have MS's agenda as a factor when doing the testing.
Time will tell I guess.
Posted by SilverStr at 11:56 AM
The Bastard goes 24x7
Should give you a chuckle. I gotta go and warm up some of my pizza as we speak.
Posted by SilverStr at 11:50 AM