Monday, November 17, 2008

Minority Report Computer is Real

No really. Watch here.

Now they just need to finish up Jarvis from the Iron Man movie and we're all set for RL to become obsolete.

Free OSX Tools I Use Everyday

Since a lot of my friends have been "converting" over to Apple machines, they often ask about programs I have running that they don't recognize. Here's a (fully linked) partial list of applications I use daily either at work or when at home:

Now I know I said free software, but I had to include the following paid software I couldn't live without:

Update: Want more? Here's one list and another list.

What did I miss? Comments.

Thursday, November 13, 2008

BSD has its own Magazine!

http://www.bsdmag.org/

Woot!

Spam is unpredictable

Does anyone remember when the FBI busted a major spam ring? Bravo to those boys for what must have been a tough job.

Here's a pic of what a huge difference it made according to submissions to spamcop.net:

Total spam report volume graph

Hmmm, not much to see here.

Today I saw an article in the Washington Post talking about how Web Host McColo was shutdown after being accused with spam activity. Here's this week's spamcop.net pic:

Total spam report volume graph

I leave it up to you the reader to determine which day and at what time McColo was voted off the island.

Monday, July 7, 2008

alltop

My RSS reader constantly has 1000+ entries left to read. My average day doesn't budget enough time to get through them faster than they arrive.

Time to reduce, reus-- err, prioritize!

Many of my favorite blogs are part of the gawker media network, which features a "top posts tag." This is perfect. I can now let other people do the dirty work of weeding out the less interesting posts and leave only the cream of each day's crop. Great, but what if I want to read / stumble new websites?

alltop's got you covered.

Thursday, June 26, 2008

Thousands of Sacrificial Lambs

Problem:

  • So you say 'hackers' are constantly knocking on the perimeter door to your network.

  • You claim that they are trying to 'map' your network.

  • You insist that they will cherry-pick targets based on fingerprint data, WINS/DNS name, or other factors.

Proposition:

  • Fill up a virtual machine host with hundreds to thousands of fake hosts, each with a random fingerprint appearance and a different name. They don't need to do anything except listen on a few ports (a set of believable ports, to mimic a real OS), and maybe send a fake packet or two around (you know, like M$ boxes like to do because they get lonely.) A full-blown app like VMware is overkill for this purpose. A Perl script on five tiny embedded systems would suffice.

Just think of the possibilities.

  1. Each would dilute any reconnaissance tool with bogus hosts

  2. Each is indistinguishable from real hosts without attempting to check the function of each service for each address.

  3. Each could also be set up to send alerts to your InfoSec dept when anyone attempts to connect to them (there are only two categories of connectors: 1) misconfigured friendlies, and 2) bad guys.)

  4. Every second the scanner spends poking around in these fake hosts, your real ones aren't touched.

  5. You can brag about how many 'hosts' are on the network you manage.

  6. If 'fancy' is your middle name, you could write a script that would forward connection attempts to a honeypot and attempt to grab a fresh piece of badware.

Thoughts?

P.S. I admit I partly stole this idea from Tom Liston's LaBrea tarpit.

Wednesday, June 25, 2008

Snap 'Em Good

After trying out a window manager that forces windows to always be tiled (thus preventing any window from getting covered up by another) I realized how silly this idea is. The whole point of a window-based GUI is to hide inactive panes and prominently display those in use.

But the seed was planted. The ability to line up windows with no gaps was beneficial in certain situations. Thanks to Steve Gibson of Security Now! for pointing out Allsnap.

Why freeways should be conveyor belts

I drive a pretty sizable distance every day to commute to work. I drive on a freeway most of the distance.

Freeways were poorly named. Congested freeways are anything but free of cars. They house traffic 'trends' such as 'packs' or 'squadrons' as well as 'stop and go' sections, or often just convenient 'parking lot' areas while you attempt to get home before dark.

In an attempt to optimize this sad state of affairs affecting those of us in urban life, I have come up with the solution (which, as I'm sure you've guessed by now since you read the title, is that all freeways should be replaced with conveyor belts).

Now, I don't mean the rubber & pulley wheel variety, I have in mind something more like the catapult system found on the flight decks of American super carriers. It seems so simple it just may work!

Each car would hook up to one of these at speed and "lock in" to a spot on the freeway 'belt.' That way, the belt is always moving at a constant speed, no one is able to weave in and out of lanes, it's impossible to have a fender bender, people can't use the margins on the side of the road as 'temp passing lanes,' maximum fuel efficiency for all cars is enforced and no one can speed!

It's a perfect solution! I just solved the top 5 highway issues with one ginormously expensive and implausible invention that everyone would hate.

I dare you to poke holes in my logic...

Pretty graphs for the malware detection (ftw?)

Security data visualization is definitely a promising and awesome way to look at your logs / IDS alerts / firewall rules. I was recently introduced to secviz, a site showcasing the various graphing and plotting tools freely available to help visualize un-eye-popping log or plaintext data. Of particular interest to me were:

  • How many times have you looked at a firewall rule set and collapsed in anticipated mental exhaustion? Wouldn't it be much nicer if someone just drew a picture of that rat's nest? Enter Ruined, which makes prettyful things like this:

  • Monitoring server load sounds like a job for another server to do (agh infinite loop!) but with a couple RGB values and some squiggly math, you can produce load reports that look like this!

Take a peek at secviz and get inspired. What else would you make pretty pictures of?

Tuesday, June 24, 2008

I sure miss grep in M$ Windows

At least, I used to! Check out this awesome utility for all your closed-source grepping needs!

Writing a DNS sniffer

Programming project: construct a program that can listen to perimeter traffic and construct HTTP proxy-like logs. The weapon of choice? libpcap! The app will need to listen for both DNS (UDP port 53) and HTTP (TCP port 80) traffic to accomplish this.

First up is determining where all the interesting bits in each layer of the OSI stack are located within each packet. In logical order:

With all that reference material, you might think this is a lot of reading! Okay, fine, how about a copy and paste job? The tcpdump source is the perfect place to exercise your mouse wheel click skillz to get all the data structures and defines you'll need.

One last useful tool that should be in every network programmer's tool belt is, of course, Wireshark (aka Ethereal). In this case, it comes in handy to double-check that your program is dissecting the packets the same way Wireshark does.

A BPF filter expression is used to speed up the selection of interesting packets from useless ones and is passed in to the program on the command line, like this:
dns_sniffer "udp port 53"

When writing any network aware application, the best place to start for documentation is always going to be the applicable RFC for whatever protocol you plan to speak.

When figuring out what bitmasks were needed to mask out specific bits (namely the top two bits of a label byte, which flag a DNS compression pointer) Conversion Table came in handy. I also found this handy page if you need to brush up on bitwise operations (I sure did, since I hardly use them.) And don't forget your ASCII table!

Have you ever wondered how your lonely little-endian wintel laptop / desktop is able to communicate over the same IP network to a big-endian speaking SPARC system? It certainly kept me up at night! See for yourself how it is able to work.

More to follow... (you know, like source code)
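Until the promised source shows up, here is an added example (my own, not the post's code) of the DNS half of the job. It is the parser a libpcap callback would run on the UDP payload once the Ethernet, IP and UDP headers have been skipped; the response bytes below are constructed so it runs without a capture interface. It shows the two things the post singles out: ntohs() translating the big-endian wire format for a little-endian host, and the 0xC0 mask that tells a compression pointer apart from a plain label (RFC 1035 section 4.1.4). The pointer loop guard and the length checks are the parts a sniffer sitting on a perimeter most needs, since it will see malformed packets sooner or later.

```c
/* Added example, not the post's own code: parse the DNS layer of a UDP
 * port 53 payload. The buffer is what a libpcap callback would hand you
 * after skipping the Ethernet, IP and UDP headers; here it is a constructed
 * response so the code runs without a capture interface. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>

/* DNS header as laid out on the wire (RFC 1035, 4.1.1). Every multi-byte
 * field is big-endian, so each one goes through ntohs() before use. */
struct dns_header {
    uint16_t id, flags, qdcount, ancount, nscount, arcount;
};

struct dns_summary {
    uint16_t id;
    int is_response;                 /* QR bit */
    int rcode;                       /* low 4 bits of flags */
    char qname[256];                 /* first question, dotted form */
    char answer_ip[INET_ADDRSTRLEN]; /* first A record, "" if none */
};

/* Read a possibly compressed name at `off` into `out`. A label byte whose
 * top two bits are 11 (0xC0) is a pointer; the remaining 14 bits are the
 * offset of the real name. Returns the offset just past the name as it
 * appears at `off` (a pointer is only 2 bytes wide there), or -1 if the
 * message is truncated or the pointers loop. */
static int dns_read_name(const uint8_t *msg, size_t len, size_t off,
                         char *out, size_t outlen)
{
    size_t o = off, w = 0;
    int end = -1, hops = 0;

    for (;;) {
        if (o >= len) return -1;
        uint8_t lab = msg[o];
        if ((lab & 0xC0) == 0xC0) {
            if (o + 1 >= len || ++hops > 16) return -1; /* loop guard */
            if (end < 0) end = (int)(o + 2);
            o = ((size_t)(lab & 0x3F) << 8) | msg[o + 1];
            continue;
        }
        if (lab & 0xC0) return -1;     /* 01 and 10 prefixes are reserved */
        o++;
        if (lab == 0) break;           /* zero-length root label ends it */
        if (o + lab > len || w + lab + 1 >= outlen) return -1;
        if (w) out[w++] = '.';
        memcpy(out + w, msg + o, lab);
        w += lab;
        o += lab;
    }
    out[w] = '\0';
    return end >= 0 ? end : (int)o;
}

/* Parse the header, the first question and the first answer. Returns 0 on
 * success, -1 on anything malformed; s is zeroed first so "" means absent. */
int dns_parse(const uint8_t *msg, size_t len, struct dns_summary *s)
{
    struct dns_header h;
    uint16_t type, rdlen;
    int off;

    memset(s, 0, sizeof *s);
    if (len < sizeof h) return -1;
    memcpy(&h, msg, sizeof h);          /* copy: no alignment assumptions */
    s->id = ntohs(h.id);
    s->is_response = (ntohs(h.flags) & 0x8000) != 0;
    s->rcode = ntohs(h.flags) & 0x000F;
    if (ntohs(h.qdcount) == 0) return -1;

    off = dns_read_name(msg, len, sizeof h, s->qname, sizeof s->qname);
    if (off < 0 || (size_t)off + 4 > len) return -1;
    off += 4;                           /* skip QTYPE and QCLASS */
    if (ntohs(h.ancount) == 0) return 0;

    char owner[256];
    off = dns_read_name(msg, len, (size_t)off, owner, sizeof owner);
    if (off < 0 || (size_t)off + 10 > len) return -1;
    memcpy(&type, msg + off, 2);
    memcpy(&rdlen, msg + off + 8, 2);   /* TYPE(2) CLASS(2) TTL(4) RDLENGTH(2) */
    off += 10;
    if ((size_t)off + ntohs(rdlen) > len) return -1;
    if (ntohs(type) == 1 && ntohs(rdlen) == 4)   /* A record */
        inet_ntop(AF_INET, msg + off, s->answer_ip, sizeof s->answer_ip);
    return 0;
}

/* Constructed response: id 0x1234, flags 0x8180, "example.com" A 192.0.2.1
 * (TEST-NET-1). The answer's owner name is the pointer 0xC00C -> offset 12. */
const uint8_t sample_response[] = {
    0x12, 0x34, 0x81, 0x80, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
    7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 3, 'c', 'o', 'm', 0,
    0x00, 0x01, 0x00, 0x01,                     /* QTYPE A, QCLASS IN */
    0xC0, 0x0C,                                 /* compressed owner name */
    0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x0E, 0x10, 0x00, 0x04,
    192, 0, 2, 1,
};
const size_t sample_response_len = sizeof sample_response;

int main(void)
{
    struct dns_summary s;
    if (dns_parse(sample_response, sample_response_len, &s) != 0)
        return 1;
    printf("id=%#06x response=%d rcode=%d %s -> %s\n",
           s.id, s.is_response, s.rcode, s.qname, s.answer_ip);
    return 0;
}
```

In the real sniffer the header struct and the offset arithmetic are the same; only the buffer comes from pcap instead of the array above. Copying the header with memcpy rather than casting the buffer to a struct pointer sidesteps the alignment problem that bites when the same code moves to a SPARC box.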

Tuesday, June 17, 2008

Windows Tune Up! (type: Auto-magic)

I don't know about you, but every time I reinstall Windows (you know, every 3 months or so, thanks to WinRot), I spend an hour or so reconfiguring Windows the way I like it.

In an effort to reduce that time, here is a bunch of Windows registry tweaks which change a ton of things, from window pop-up times to NTFS cluster sizes. This file may also come in handy for first-time installations on new machines.

This file was started by one of my colleagues at work, so props attributed where they are due!

BIG DISCLAIMER: Please, Please, Please, review all the tweaks before you blindly run the file. Remember, trust but verify.

Download

Thursday, June 12, 2008

Detecting bad TCP sessions

Here's an idea:

Why not build a feature into personal firewalls that tracks active TCP sessions (via netstat), but with some intelligence? The idea behind the intelligence is to not spam the poor user every single time an application wants to talk on the NIC. How would that work?

Well, it could associate keystrokes / clicks with network events. If there is a new tcp session established or new listening local port, challenge the user with the application name associated with said session or listening port.

It sounds so simple it just might work. Do you see any false-positive scenarios?
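As an added example (mine, not the post's), here is the "intelligence" part written out: two netstat snapshots are diffed, and only sessions that are new since the last snapshot, and only ESTABLISHED ones or new listeners, are raised to the user, with the owning program attached. The snapshot lines are constructed in the shape of `netstat -tnp` output rather than captured; the helper process, PID and addresses are made up (RFC 5737 documentation ranges). One answer to the false-positive question is visible in the filter: half-open states like SYN_SENT are skipped, so a program retrying a dead server does not generate a prompt per attempt.

```c
/* Added example, not the post's own code: the "intelligence" the post asks
 * for, done as a diff of two netstat snapshots. Only sessions that are new
 * since the last snapshot, and only ESTABLISHED ones or new listeners, are
 * raised to the user, with the owning program attached. The snapshot lines
 * are constructed in the shape of `netstat -tnp` output, not captured. */
#include <stdio.h>
#include <string.h>

#define MAX_ROWS 64

struct conn {
    char proto[8], local[48], remote[48], state[16], prog[40];
};

/* Parse one socket row. Header lines and anything that is not tcp/udp are
 * rejected, so the caller can feed raw netstat output line by line. */
static int parse_row(const char *line, struct conn *c)
{
    char recvq[16], sendq[16];
    int n = sscanf(line, "%7s %15s %15s %47s %47s %15s %39s",
                   c->proto, recvq, sendq, c->local, c->remote, c->state, c->prog);
    return n == 7 && (strncmp(c->proto, "tcp", 3) == 0 ||
                      strncmp(c->proto, "udp", 3) == 0);
}

/* Two rows are the same session when proto and both endpoints match; the
 * program field is deliberately ignored so a PID change is still "same". */
static int same_session(const struct conn *a, const struct conn *b)
{
    return strcmp(a->proto, b->proto) == 0 && strcmp(a->local, b->local) == 0
        && strcmp(a->remote, b->remote) == 0;
}

/* Copy into `out` every row of `now` that is ESTABLISHED or LISTEN and was
 * absent from `before`. Returns how many were found. */
int new_sessions(const char *const before[], int nb,
                 const char *const now[], int nn,
                 struct conn out[], int max_out)
{
    struct conn prev[MAX_ROWS];
    int np = 0, found = 0;

    for (int i = 0; i < nb && np < MAX_ROWS; i++)
        if (parse_row(before[i], &prev[np])) np++;

    for (int i = 0; i < nn && found < max_out; i++) {
        struct conn c;
        if (!parse_row(now[i], &c)) continue;
        if (strcmp(c.state, "ESTABLISHED") != 0 && strcmp(c.state, "LISTEN") != 0)
            continue;                   /* SYN_SENT, TIME_WAIT etc: no prompt */
        int seen = 0;
        for (int j = 0; j < np && !seen; j++)
            seen = same_session(&c, &prev[j]);
        if (!seen) out[found++] = c;
    }
    return found;
}

/* Text of the one prompt the user would see for a new session. */
int challenge_text(const struct conn *c, char *buf, size_t buflen)
{
    if (strcmp(c->state, "LISTEN") == 0)
        return snprintf(buf, buflen, "%s started listening on %s. Allow?",
                        c->prog, c->local);
    return snprintf(buf, buflen, "%s opened %s -> %s. Allow?",
                    c->prog, c->local, c->remote);
}

/* Constructed snapshots; "helper" and PID 4471 are invented for the example. */
const char *const snapshot_before[] = {
    "Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name",
    "tcp 0 0 10.0.0.5:51234 198.51.100.7:443 ESTABLISHED 2310/firefox",
    "tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 812/sshd",
};
const char *const snapshot_now[] = {
    "Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name",
    "tcp 0 0 10.0.0.5:51234 198.51.100.7:443 ESTABLISHED 2310/firefox",
    "tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 812/sshd",
    "tcp 0 0 10.0.0.5:51240 203.0.113.9:6667 ESTABLISHED 4471/helper",
    "tcp 0 0 0.0.0.0:8765 0.0.0.0:* LISTEN 4471/helper",
    "tcp 0 0 10.0.0.5:51241 203.0.113.9:80 SYN_SENT 4471/helper",
};
const int snapshot_before_n = 3, snapshot_now_n = 6;

int main(void)
{
    struct conn fresh[MAX_ROWS];
    char msg[160];
    int n = new_sessions(snapshot_before, snapshot_before_n,
                         snapshot_now, snapshot_now_n, fresh, MAX_ROWS);
    for (int i = 0; i < n; i++) {
        challenge_text(&fresh[i], msg, sizeof msg);
        puts(msg);
    }
    return 0;
}
```

Run against the two constructed snapshots this produces exactly two prompts, both for the helper process, and running it with the same snapshot on both sides produces none. Keying sessions on endpoints rather than on the program name is what keeps a long-lived browser connection from being re-asked about after its PID changes.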

Wednesday, June 11, 2008

Hiking! Pt1

[gallery]

Some random shots I took while hiking with friends.

Hiking! Pt2

[gallery]

More hiking photos! Unmanipulated full sized images are only a click away!

Tuesday, May 13, 2008

Fedora 9 Review (Mini-Edition)

Updated 5.15.08 7:30PDT - Thanks AnotherBrick

It's here!!!

Fedora 9 is the latest release from the Fedora Project team, released today, May 13th, 2008. Sulfur sports yet another slew of new and exciting features, as well as some big package updates. I'd like to highlight some of the new packages I care about and give an initial opinion on each.

New Stuff

GNOME 2.22 is included (with Evolution 2.22.1, which adds IMAP for Gmail and read/write Google Calendar integration!)

KDE 4.0.4, which has been completely migrated to the default KDE install (no more of that KDE 3 and KDE 4 side-by-side nonsense.)

OpenOffice 2.4, with a long feature update and bug fix list. Haven't used it extensively yet.

The shiny new 2.6.25 kernel.

Perl 5.10.0, with a smaller memory footprint.

PackageKit, a cross-platform front end for yum, is the new default UI for package management.

Firefox 3 beta 5 feels much smoother and quicker, and is already pretty stable. Many UI improvements. Many security enhancements, such as new malware protection and anti-phishing warnings, as well as the infamous green EV-SSL cert location bar. I'd like to highlight some of the neat new visuals:

Reported Phishing Site? Big Red box? Very nice.

A pop-up window asking to remember a password that isn't modal?? *Gasp* Now where have I seen this before...

IMHO, this SSL Cert pane looks much cleaner than IE7's equivalent.

I dig the new suggestion tab in the add-ons window.

Finally! Firefox 3 now saves open tabs even if it isn't crashing. Huzzah!

It's just too bad that many of my favorite add-ons aren't Firefox 3 ready yet. No dinged points however, as this is still beta software. (No Foxmarks! Nooooo!)

Work has also gone into segregating Firefox's plugins from the remainder of the OS using SELinux. Fedora's SELinux policy guy, Dan, has some background on his blog. To try it out in Sulfur, issue this command:
setsebool -P allow_unconfined_nsplugin_transition 1

Installation

My installation went smoothly, nothing to report. (Always a good thing, especially since I chose the 64-bit flavor.) I went with the default GNOME window manager, and will try out the new KDE 4 release later. I like the new wallpaper theme, which, just like Fedora 8's, will change depending on the time of day. Also like in Fedora 8, the Compiz-powered desktop effects checkbox worked flawlessly on my ATI AGP X850 Pro card - feels faster. The updated "Update System" UI is much easier to use, and feels much faster too.

If you plan to browse the internet or play multimedia, you'll need to add the livna repo. Here is the command I used:
su -c 'rpm -ivh http://rpm.livna.org/livna-release-9.rpm'

Once that's done, you'll likely want Flash (the proprietary Adobe package isn't up on livna yet for 64-bit, so gnash will do) and mp3 support. I added them simply with:
su -c 'yum install gnash-plugin gstreamer-plugins-ugly'

Summary

I'm coming off as a broken record, but I have to admit everything "feels" snappier. I have no scientific proof to back up this feeling, but I would bet that much effort went into performance tune ups for this release.

It's only day one, but I'd already like to give Fedora 9 the thumbs up!

Friday, May 9, 2008

Firefox Add-ons Everyone Needs

Here is the list of Add-ons that make Firefox, my Firefox. All are highly recommended and play nice together. Give 'em all a try!

Customize Google - Hide ads and force HTTPS

NoScript - Whitelist sites you visit, block the rest

FasterFox - Increase parallel stream speed

Fission - The Location Bar is now the Loading bar

FlashBlock - Replace all Flash with a play button

Foxmarks - Synchronize bookmarks across computers

UserAgentSwitcher - Pretend to be IE for sites that check poorly

Download Statusbar - Slick & streamlined download manager

ReloadEvery - Perfect for Woot-Offs!

Download Them All! - Download every single link on any page

StumbleUpon - Find great new sites for lonely nights

FoxyProxy - Tor for Firefox

SpeedDial - Thumbnail your favorite pages

NextPlease - Makes browsing image galleries much easier

ColorfulTabs - Included just for prettiness' sake

FormFox - Mouse over submit buttons to see the follow-through URL

Gmail S/MIME - Encrypt your Gmail

Poll: What must have add-ons did I miss that you are using?

Saturday, May 3, 2008

Hello Earth!

In true compsci tradition, all technical writings start with the now detested "Hello World" example.