June 29, 2003

Roses aren't always Red

Weekend has gone by pretty fast. Spent Friday evening with friends who stayed overnight. Saturday morning I made an "eggs"uisite breakfast and we watched the awesome movie CrossRoads (NOT the Britney Spears one, the one with Ralph Macchio). Amazing guitar work in it. If you like blues guitar, you will like this movie.

In the afternoon we went to Barry's (The Chief of Userfriendly) Rose Garden party and enjoyed the aroma of their amazing flowers while listening to some great live music. I took a few pictures of the flowers, and some notable faces which you can check out up in the gallery here. I am not as good a photographer as Arcterex or Solas, but a few didn't turn out too bad.

Today I am just chillin out... updating my blog and going to go start reading that Secure Coding book I got this week. With any luck I should be done it tonight or tomorrow. Looks quite captivating. Actually... I think I am gonna go and start reading it now. L8r.

June 25, 2003

My baby on Ebay!

I just wanna cry. I found my baby on Ebay!

I have wanted a Martin Committee trumpet for over a decade. Well, since grade 12 when I was in a Jazz band. I want to start playing the horn again, but don't have a trumpet to even get going. Or a harmon mute. Or a mouthpiece or a.. *sigh* ... I have nothing anymore resembling my musical love for the trumpet.

Just for giggles I thought I would check out eBay to see what trumpets go for nowadays... when lo and behold, I found THE TRUMPET that I want.

Of course, I can't afford to buy any trumpet right now. But I can dream.

I think I will go listen to some Chris Botti and live vicariously through him.

Why I dislike RMS

If you know me at all, you know I don't care for RMS when he stands on his soapbox. Although I have only shared a beer with him once, even then he wouldn't get down off the soap box. But that is RMS. As a person he is pretty kewl. But I can't stand his attitude with GNU and Linux. Even when he is right.

What I mean is that even when he is right he can come across as a dick. While reading an interview in which he discusses the SCO vs IBM lawsuit... he came out with a good ditty that pissed me off for some reason, and it really isn't a bad quote:

Linux itself is no longer essential: the GNU system became popular in conjunction with Linux, but today it also runs with two BSD kernels and the GNU kernel.

He's right. Linux is NOT essential to GNU anymore. Yet he blows off that the two were so closely intertwined that BOTH of their successes could be attributed to each other. His HURD kernel sucked so bad at the time no one wanted to work on it. Instead of attacking the hard parts first (the GNU kernel), they decided to make all the tools. For the longest time, they piggybacked on Linus' kernel like a parasite on a whale until they finally found another whale they could jump to. Not that GNU tools are parasitic at all. They are awesome. But you get the metaphor.

Now don't get me wrong. Some days I think we don't give GNU enough credit. With gcc we couldn't COMPILE much on Linux (Yes there ARE other compilers, but RMS doesn't want you to think about that). But let's not forget what got GNU to where it is, and vice versa with Linux. And when discussing SCO don't blow off Linux like it's dead and that everyone should run to the HURD kernel. Gimme a break.

June 24, 2003

Secure Coding Revisited

Well today turned out to be an awesome day. Not only did I get a tonne of work done, but I got delivered an AWESOME present on my doorstep. It almost feels like Christmas.

Remember when I was saying there was a kewl new book out from OR&A called Secure Coding: Principles & Practices that I would like to get?

Well I just did. Was a great surprise to be delivered to me today. Not only is it not out yet... I got the first one ever signed by Ken! (Pictures put up cuz Arc wanted pictures of the book)

Thanks Ken!

June 23, 2003

OSX Panther: My new best friend.

Jobs did it again. Well, actually Apple did. While reading the latest slashdot article on the new Panther release a quote just made my jaw drop:

Apple is preparing a new set of developer tools called XCode, which works with GCC 3.3, does distributed compiles (using available resources on the network), and has other cool stuff. It is fast, it has improved searching (like the Finder, and over entire projects), and it looks like an iApp (though it isn't metal). It removes the need to link; only link objects you need to launch. It starts compiling while you are editing, cutting the time you need to compile drastically. It can modify the program while it is running.

So now you can make your graphics department your slave... literally. You can fire off a BSD kernel compile to the network and have it done in moments. You can have apps compiled and recompiled as you edit them, and they will reload themselves so you can see the results. Tres kewl.

Engel had an excellent write up on things Apple should do... and if they would ever do it... I might find myself owning one. In real short order. But alas, I doubt that will ever happen.

All I can say is... MARKLAR! GIVE US MARKLAR!

June 22, 2003

Weird.... Al and Chris Interviewed.

What I think I find most amusing about Chris is that he KNOWS how to stretch the envelope. I just watched an awesome parody interview he did using clips of none other than an awesome parody interview with Weird Al. You should go and watch it now.

June 20, 2003

Much to do about nothing

I know some people have gone on about how lately the sales people in the local computer stores are getting much better. Well if today is any sign of things, I think they are slipping... BADLY!

I have been having some issues with some kernel debugging that I just can't do with VMWare. I seem to have a weird bug having to do with XP's suspend and resume functions for laptops that cause the OS to BSOD, and I just can't find a way to track it down. Trying to do network debugging is useless.. since this is a kernel-mode network driver. "No worries", I thought to myself, "I will just attach the kernel to a serial port and debug it remotely that way".

So I try hunting down a null modem cable so I can do just that. Can't find it. I think I may have left it at Limos' place, or perhaps it got lost in the move. No matter, I will just run down to the local LD computer store and get a new one.

Well, there was my first mistake. When in the store and asking the sales person "Could you point me to the null modem cables please?" I was asked "What are you trying to do?". I ramble on about how I need to put the kernel into the debugger, and that I would need to communicate directly between the two computers to do so. Oh that seemed to be the flag to turn on the "I'm a great salesman, let me show you what I think you need, not what you want". How does this go? Well it goes like this:

  1. I am first told that XP doesn't have a kernel I can debug. A kernel is for that Linux thing, and I am shown the latest Redhat. This was quickly shot down when I explained I am doing kernel-mode development for XP, and indeed there is a kernel. Most people just don't touch it. I said, "Can you please show me where your cable is."
  2. Next I was given a nice pretty crossover cable and told this will connect two computers together. I look at the thing, shake my head and sigh. Just WHAT was I going to say? Anger started to build and I just had to snicker at myself. I deserved this. I foolishly asked for help. I did say I wanted to connect two computers together. I did ask where the cable was. I decided to play it cool and explain that I needed a 9-pin serial cable. I re-iterated that it was called a NULL modem cable.
  3. Not clear enough apparently. I was introduced to the nice neat wall outside the computer department where they now put the serial cabling. I was given about 8 choices of male connectors. 5 of them 24 pin. *sigh* Ok, now I had enough. I kindly explained that I needed a serial cable that had two females on the ends, and that it was called a NULL modem cable.
  4. The manager who apparently knew who I was, seeing how frustrated I am comes to my rescue. (I was just amazed the manager was in the store after 5pm). "Mr. Epp", he says to me in an apologetic and calming tone, "You want the laplink cable right over there". Ok, I'll byte, I never heard it called a lap link cable before. Now said original sales guy is nowhere to be seen. He just realized he had no clue what I was asking for, and that it might be better to hide when the manager is addressing me by name. And that might be a good thing. Of course, I apparently didn't know what I was asking for either. Gawd forbid the name changed for the cable.

So I take the cable up to the counter, and the original sales dude is back. Guess he wants my money. But before he takes it he goes on this big spiel about how it's impossible to put the XP operating system into a debugger. He should know, he has Developer Studio and has been playing with it in an effort to learn to program. Now is the time I decide I have had enough. I don't mind being wrong and hey, I didn't know it's called a lap link cable now. I deserve the pain of the hellish computer-guy sales cycle I seem to attract. But don't question what I do for a living. It's just dumb. There are people out there in the world that do know more than you, Mr. LD computer sales guy.

I begin by explaining what exactly a kernel is, and how with supporting architectural APIs from Microsoft that you can indeed put it in the debugger. I then explained that you need a special type of debugger called a "Kernel debugger" and special symbols from the operating system, which you can get when you are a member of MSDN. Hell you can get them without MSDN, it's just not as easy. I further explain how you can extend the functionality of Microsoft operating systems using the Windows DDK (Device Driver Kit), and that this was exactly what I was doing.

I thought at this point it was over. I made my case. Nothing more was going to happen. So I thought. I was delightfully wrong.

The manager overhearing my tone starts walking towards me as the original sales guy says something that made me want to keel over and die laughing. And I quote. "I thought about going and getting my MSDN certification, but I don't have the time to go back to school right now. I am learning to program".

At this point the manager just made it to the counter and abruptly points out that the sales guy might want to be quiet for a moment and learn something. (This was getting good.. the manager was actually being an asshole for me to the sales guy.. the exact words escape me, but were something to the effect of "You might want to keep your mouth shut and listen for a change". Almost thought he was talking TO me.)

"Mr. Epp, I never heard of MSDN, but I am guessing it's not a certification is it?" says the manager. I quickly point out that no, it's MCSE that they were thinking of, and that MSDN is Microsoft's Developer Network, a for-fee service MS uses to assist developers by providing tonnes of supporting software and literature to 3rd party developers as they build software for Microsoft's platforms.

My laplink cable was quickly rung through as he listened intently. He made some ego-stroking comments about how I am always doing the coolest things in the industry, how it was too bad Merilus closed down, but that he was confident that the stuff I am working on now sounds like I will be back on top soon. He hands me the bag and says he hopes I will come back again, and to not worry about the other sales guy. He will be dealt with.

I don't know what that means, but if I were the sales guy I wouldn't be going into the back room with the manager any time soon. I think that was the only saving grace. Realizing that said sales guy is probably going to get whipped with a wet noodle almost makes up for it. Almost. If he was whipped with a NULL modem cable I would be much happier.

June 19, 2003

FireBird: I'm converted

Well, Arcterex converted me this morning back to a Mozilla environment. I have stayed away from Mozilla, as it has had HUGE issues with file associations with a multi-user system such as XP's fast-switching services.

My wife likes IE and when I installed Mozilla it would keep fighting with her to become the default browser, did weird things to her account to a point I was screamed at to uninstall it. Of course I complied, but with it went my Mozilla.

Today I have been working on my company web pages and need to test it in other browsers. Arc was getting bored with helping me with screenshots in Galeon, and gave me a download link to FireBird.

A single click and I was able to install Mozilla Firebird into my user dir without the need of a Windows system dir, and it's working flawlessly. So good in fact I am blogging with it :) Now I get tabbed windows, popup ad-blocker etc all back, without my wife fretting about Mozilla issues.

Just to stress test it I took a few moments at lunch to check out if QT worked. It does. See for yourself..... and enjoy this new Tomb Raider trailer. Can't wait to see that in theaters!

June 18, 2003

Funny Quote of the Day

Got an email today with a really funny quote. We were discussing the fact I owe this fine gent a pint when he responded with a quote from Fred Allen:

I'd rather have a full bottle in front of me than a full frontal lobotomy.

That just has to make you snicker.

June 17, 2003

Secure Coding: Principles and Practices

My buddy Ken (from CERT/CC fame) has just finished a book for O'Reilly called Secure Coding: Principles and Practices. Looks like an excellent book, from an obviously excellent publisher.

I don't think I have yet to read a BAD book from OR&A. And Ken is no slouch when it comes to this topic anyways. Can't wait to get my hands on one. I am hoping to get an autographed copy in the next short while. Here is hoping *fingers-crossed*. Otherwise, I am going to have to wait 2 months before it's up here in Canada :(

June 15, 2003

Return of the Jedi Golfer

So I am standing in what seems to be Dagobah swamp with my 9 iron preparing to figure out what my ball is in. Is that bantha fodder? I see through the thicket something that seems to resemble possibly Yoda, or maybe it's just a rabbit on steroids. Moments later I realize I am in a hell called "Tall Timbers Golf Course" staring at my ball in a huge mud hole while a HUGE rabbit jumps out from behind the tree.

A few holes later I appear to end up in some sort of desert country, kinda resembling that old abandoned town with the tumbleweed you see on TV in the Westerns. A truly weird feeling to go from mud swamp lands to dirt and gravel on the fairway.

To end it off, I realize how good I have it when about 6 of the holes have to use astroturf for tee boxes as the grounds suck. I think maybe I am spoiled with the splendors of all the golf courses around here compared to Langley. For the same green fee I easily could get a course 5 to 10 times as nice.

Even with a pretty crappy kept course, the round of golf itself was fun. I definitely could tell I haven't golfed in a long time. With the average distance of each hole being about 350 yards, I have a blister on my left foot, and on my right hand. (I'm a left handed golfer in case you can't tell). With that, I shot a 96. Ya pathetic. But after walking a course for 5 hours (people ahead of us were slow) I realize the exercise was great, and makes up for the lousy game I had.

Came home to a great Father's Day BBQ. Just now relaxing from it, sitting on the deck and blogging from the comfort of my wireless laptop. Awesome evening to be sitting outside and enjoying all the splendors of nature. I think I will return to that, and envision how my game may have been better if Yoda would have shown me how to use that force thing to control my ball, or at least control the mind of the score keeper and shave off a few strokes on that card. TTYL.

LAN Party Goodness

Well, Arcterex's lan party was a great success! Lots of carnage, game play and taunting! I put up some pictures over here for those who would like to check it out.

I am sure Arc will have a more detailed report you can check out sometime today on his blog, so if you check it semi-frequently he can sit and ridicule us all. It was a great time, thanks Arc! I held my own, typically being in the top 3. In one round I caught all 8 flags for my team!

I would sit and chat more about it, but I have to go get ready for a round of golf in the Mud Swamps ^H^H^H^H .. I mean Tall Timbers, in Langley. Father's Day round of golf on a somewhat sunny day... not a bad way to spend it. Let's just hope my first round of golf this year doesn't turn out to be the worst round of mud golf of my life.

Time to find out! L8r.

June 11, 2003

Enemy Territory

I'm hooked. This has just enough spin on the game to draw me away from Urban Terror. It's all about getting promoted by doing your job in a team. I typically am an engineer (go figure, that's what I did when I was in the military) and enjoy setting mines and blowing up targets under fire. If you haven't had a chance to play it, YOU GOTTA TRY IT.

I am so hooked it was detrimental to me yesterday. The night before I taught Arcterex how to play, and decided to stick around after he left to play another few rounds. At 5:30 the next morning I realized how late (well early now) it was, and ended up only getting a few hours sleep before taking my wife to work.

Then I had to head down to BCIT as I was guest lecturing on Threat Modelling. Man was I tired. Presenting to like 50 students in the theater and looking and sounding energetic when you're tired is a larger chore than you would think... but about halfway in I got a "second wind" and it turned out pretty good. Seems like this group enjoyed it more than the last one I gave at one of the universities.

Oh well. Right now I have to go get changed as I gotta head out for a few meetings and maybe get back to play a few rounds of RTCW:ET. I REALLY hope we get to play this at the LAN party this weekend. (hint hint)

June 08, 2003

Gollum Acceptance Speech

Well, I am happy to announce that Gollum finally won something for Lord of the Rings. I have just had a good chuckle at his acceptance speech. (This isn't the original link, it's a faster link)

I just love how they did that. Man I am still laughing. I wish I had that kind of digital artist talents. Makes me wanna crack open a few rendering books. Good job guys. I'm impressed yet again.

June 07, 2003

Marketing: Product Positioning

Just finished reading an interesting article on the fact that Marketing is not a Post-Processing Step.

I think the reason I find it so interesting is the fact it rings so true to me and some of my experiences. It IS so easy to fall into the trap that only the code matters, and that marketing can not begin until the code is done. This was a fatal flaw at NetMaster if you ask me. While I was doing all the code the team should have been building a real marketing plan, preparing the positioning and getting all the supporting work done to do this. When the product was delivered on time, we weren't ready to really get out there and sell it... and although we had an 'idea' what our positioning was, it was not clearly defined, and we were not hungry enough to seize it. I spent another few months just doing the graphics, marketing materials, the web site, documentation etc. without really having our marketing position figured out. By the time we got it right, and finally began contacting customers it was 3 months later. Major window of opportunity lost. :(

I think the article reflects what we did wrong. Hopefully this time around I'll get it right. Let's hope.

Understanding Shareware

Was reading Chris's blog and found a few interesting links that might apply to me, or at least to some other people who read my blog.

The first link is an article about Shareware Amateurs vs. Shareware Professionals. Quite an interesting insight into the mindset of such people. It is also bang on in explaining how you need to MAKE opportunities and work at it, as it doesn't simply come to you.

The other link was to an interesting blog I will start reading semi-regularly called A Shareware Life. In it the author "rants about shareware marketing, the life of a shareware author, and everything else". I haven't dug too deep into the archives yet, but will get to it one of these days. Looks pretty interesting.

Which now gets me to a couple of questions for anyone who might wish to respond. If you were going to try out some more expensive shareware software before you bought it (let's say a couple hundred dollars), how would you expect it to be performed? Shareware? Nag-ware? Crippleware? What sort of registration process would you be willing to accept?

Ie: Would you be ok with crippleware with full functioning, but limited on time, or crippled in only doing everything once etc. Would you honor the shareware concept and buy it after you use it? Would you accept the nag screens, or simply find a crack?

Here is another question. Did you buy winzip? Did you get a crack for it? Or do you accept the nag screen at the beginning?

I understand you may not wish to post your answers publicly. If so, email me.

Would love to get some feedback from some of you. Please let me know how you feel on this subject.

June 05, 2003

Getting Uptime in Windows XP

Want to know your uptime in XP Pro? Use the systeminfo command line tool! Check out my uptime before I take it down to put in new ram:

C:\Documents and Settings\Dana>systeminfo | find "System Up Time:"

System Up Time: 68 Days, 8 Hours, 38 Minutes, 46 Seconds

Basically, my machine has been up since I moved in to the new place! And I do huge kernel-mode driver development on this box ALL the time. And now to ruin it by taking it down to add ram. Oh well. Like the old Linux adage... "Reboots are for kernel upgrades or new hardware". I want my gig of ram... uptimes mean nothing compared to it. :)

June 04, 2003

The Power of Google: A Hacker's Best Friend

Google is my favorite search engine. Its internal API has so many options it's just nuts. Of course, we rarely use the real power of it, mostly because we are oblivious to it.

This morning I read a really good article on using google to do probes and gain access to files that you may otherwise not want. Wanna find all excel files that may be private, and put up on the wrong server by some sloppy sales guy? Try:

filetype:xls inurl:sales

Now comb through it. I found a couple of interesting spreadsheets that shouldn't be online.

Here is a thought that wasn't mentioned in the article, but has a SERIOUS impact on anyone who configures Movable Type and does it incorrectly. If you were to do:


every so often you will be bound to find someone who has installed it, but not yet configured it, giving you the ability to take over the site by using the default username of 'Melody' and the default password of 'Nelson'. Well, more to the point, you could use a specially crafted URL with that user/pass combo from the info from google and automate the whole thing.

I will leave the actual code to the imagination of the user, but I 'theoretically' got this down in a short perl script. It can extract the list from google, iterate through it and query every site with Movable Type. Most mt.cgi entries on google actually come from usage stats thanks to webalizer. You can typically ignore these sites, because if they made it on the usage stats, chances are it's in use. Want an example? Wanna know where Arc logs in to Movable Type for ufies.org?

site:ufies.org inurl:mt.cgi

It's right there for the pickings.

To be honest, this is kinda lame, because we all know that the mt.cgi will be around that location. But let's look at other implications. Bugtraq comes out with at least one new vulnerable php script weekly. It would be nothing to put:


and go to town exploiting the thing. Wanna hack a particular website? Use a perl script to iterate through a file of common vulnerable strings (which you could steal from Nessus or snort), combine it with the combo of inurl and site directives and go to town. I will leave it to the reader's imagination just how far this can go.

Anyways, in case you didn't get it the first time, you really should read this article. A good read.
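Seen from the server side, visits that arrive through queries like the ones above show up in the web log. The following is an added example, not code from the original post: it scans Combined Log Format lines for Google referrers whose search terms contain operators such as inurl:, filetype: or site:. The log lines are constructed, and it assumes the referrer still carries the search in its q= parameter.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache/NCSA Combined Log Format:
# host ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)
# google.com, www.google.ca, google.co.uk, ...
GOOGLE_HOST_RE = re.compile(r'(^|\.)google\.[a-z]{2,3}(\.[a-z]{2})?$')
# Operators that narrow a search to particular URLs, sites or file types.
OPERATOR_RE = re.compile(r'\b(?:inurl|filetype|site|intitle|ext):\S+',
                         re.IGNORECASE)

# Constructed sample log lines (documentation IPs, example.com paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [04/Jun/2003:09:12:01 -0700] "GET /blog/ HTTP/1.1" 200 5120 '
    '"http://www.google.com/search?q=secure+coding+book" "Mozilla/5.0"',
    '198.51.100.7 - - [04/Jun/2003:09:15:44 -0700] "GET /reports/sales/q2.xls HTTP/1.1" 200 88211 '
    '"http://www.google.com/search?q=filetype%3Axls+inurl%3Asales" "Mozilla/4.0"',
    '198.51.100.7 - - [04/Jun/2003:09:16:02 -0700] "GET /cgi-bin/mt.cgi HTTP/1.1" 200 2301 '
    '"http://www.google.ca/search?q=site%3Aexample.com+inurl%3Amt.cgi&hl=en" "Mozilla/4.0"',
    '203.0.113.5 - - [04/Jun/2003:09:20:30 -0700] "GET /index.html HTTP/1.1" 200 1024 '
    '"-" "Wget/1.8"',
]


def search_terms(referer):
    """Return the decoded search terms of a Google referrer, else None."""
    parts = urlsplit(referer)
    host = parts.hostname or ""
    if not GOOGLE_HOST_RE.search(host):
        return None
    values = parse_qs(parts.query).get("q")
    return values[0] if values else None


def flag_operator_referrals(lines):
    """List requests that were reached through an operator-driven search."""
    findings = []
    for line in lines:
        match = LOG_RE.match(line)
        if not match:
            continue  # not a Combined Log Format line
        terms = search_terms(match["referer"])
        if terms is None:
            continue  # no referrer, or not a search referral
        operators = OPERATOR_RE.findall(terms)
        if operators:
            findings.append({
                "client": match["host"],
                "time": match["time"],
                "path": match["path"],
                "status": int(match["status"]),
                "operators": operators,
            })
    return findings


if __name__ == "__main__":
    for hit in flag_operator_referrals(SAMPLE_LOG):
        print(hit["time"], hit["client"], hit["path"], hit["operators"])
```

Any path this flags is one a search engine has already indexed, so it is worth reviewing whether it should be public at all.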

June 03, 2003

Fear of the Day Star

The day star... I fear the anomaly. Its warm attraction reminds me of the brightness of the death star... as it explodes. It draws me closer, wanting me to leave the sanctuary of the caliginosity in my office and appease its every wish by chanting to the sun gods as I make sacrifice of little lemons and drown them in water and sugar.

Oh how I wish I had the same computing power in my laptop as I do on my desktop machine. I could baste in the glory that is the big blue room while still saying I am coding. Well, I can, it's just not possible to actually do remote debugging. *sigh*

I will therefore finish this last component of this part of the project so tomorrow I can enjoy the sun while I begin writing supporting whitepapers, while testing the latest code on my laptop in a production environment... kinda sorta.

I hope you got a chance to see such de'lights' yourself today. If not... and you are hiding in the shadows of your cubicle, may Phil reign terror on you as you work with insufficient light.

June 01, 2003

Movie Madness

Had a great 'family day' today. Got to sleep in, have a good lunch and then headed to see Finding Nemo. As usual, Pixar outdid itself in an amazing feat of rendering bliss. What they can do on the digital canvas is just amazing. The amount of underwater detail was astounding, and I can say that this is now my favorite Pixar movie. Kicked Mike and the Monsters, Inc. flick out the window.

This was the last movie Pixar HAS to do with Disney, which means they will be on their own as it comes to publishing. Should be interesting to see how they do. There was a short 'teaser' about their next movie, but it didn't impress me. I will hold my judgement until it's released.

Had a great dinner at WhiteSpot (you know their menu finally changed.. how refreshing) and then headed home to watch WindTalkers on DVD. The reviews made it sound a lot worse than it actually was. I didn't mind it all that much. Not like 'Saving Private Ryan', but still an ok mission based WWII movie.

Was interesting to learn that the only code not cracked in WWII was that of the code talkers. Might be interesting to read more about that sometime. Right now, it's like almost 3 in the morning, and I need to go to bed as I am getting up early to get some work done. Nighty Night.

