Mon, 31 Jan 2005
Developer to Designer -- Book Review
I was lucky enough to get a free review copy of Mike Gunderloy's new book, Developer to
Designer. While it's not as good as Coder to Developer (and in fairness
very few books are!) for the right audience (Windows developers
new to building GUIs) this is an essential reference. I've now put a full
Developer to Designer book review up under my reviews page.
Posted: 2005/01/31 23:28 | /books | Permanent link to this entry | This entry + same date
del.icio.us Tag Stemmer -- Tidy your Tags
Matt Biddulph has put an excellent
little tool up on his website, the del.icio.us tag stemmer will
display any tags that it thinks are too closely related and probably need to
be merged.
Posted: 2005/01/31 23:24 | /tools/online | Permanent link to this entry | This entry + same date
Sun, 30 Jan 2005
Amazon DVD Rentals
Despite my previous bad experiences with Amazon.co.uk when it comes to
DVDs, I decided to give their new DVD rental service a go. I signed up,
clicked through a couple of very painless screens and added ten films to
my list (which I'd like programmatic access to if anyone's bored :)).
Firstly an oddity: they seem to class a 2 disc DVD as two separate items. Now while I could (maybe) see some point in doing this with entire seasons of TV shows that come in six DVD sets, I'm not using up two of my six slots (per month), so I can ignore the extras disc.
On the upside I received the three films only two days later (in hideous Amazon packaging) so I have to say that as initial impressions go I'm mostly happy with the service.
Posted: 2005/01/30 23:32 | /nottech | Permanent link to this entry | This entry + same date
The Yellow Fade Technique
The very slick people over at Basecamp have a very neat UI trick that highlights any changes to
the site for a couple of seconds and then fades out. This allows simple
tracking of any changes on page-reload. The full (non-technical) details
can be found over at 37, the technique itself is called the Yellow Fade
Technique.
Now as you can see by looking at this site I'm more of a functional than aesthetic person, but I wanted to integrate this functionality into a couple of sites. Only problem is no one has an explanation of how to do it and my JavaScript (ECMAScript) sucks... So come on people! Show me how it's done!
Posted: 2005/01/30 23:18 | /sites | Permanent link to this entry | This entry + same date
Thu, 27 Jan 2005
MySQL Worm Hits Windows Machines
You know you've hit the big time when you get your own worm! The MySpool
worm is turning badly configured MySQL installations (on Windows) into
zombies in a huge bot net. Now I'm not even going to ask why so many people
have MySQL installations listening to the network (Debian disables this by
default so bonus points to them) but it is depressing. To stop it doing
this just add "skip-networking" to the [mysqld] section of the config file.
I think it's about time someone wrote a MySQL vulnerability scanner to pick up weak passwords, unprotected accounts and similar. Judging by the number of machines out there that are being broken into by this thing there is a market...
For more technical coverage of the problem have a look at SecuriTeam's MySQL UDF Dynamic Library Exploit.
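An added example, not code from the original post: a small Python audit that reads my.cnf text and reports whether mysqld has its TCP listener disabled, bound to loopback, or exposed. The sample configurations are constructed, and only the [mysqld] section is considered, as in the advice above.

```python
# Added example: classify how a my.cnf exposes mysqld to the network.
LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def parse_mysqld_options(cnf_text):
    """Collect options from every [mysqld] section; '-' and '_' are interchangeable."""
    options, section = {}, None
    for raw in cnf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop '#' comments
        if not line or line[0] in ";!":          # ';' comments and !include directives
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "mysqld":                  # assumption: only [mysqld] is audited
            continue
        key, _, value = line.partition("=")
        options[key.strip().lower().replace("_", "-")] = value.strip().strip("\"'")
    return options


def network_exposure(cnf_text):
    """Return 'disabled', 'loopback' or 'exposed' for the server's TCP listener."""
    opts = parse_mysqld_options(cnf_text)
    if "skip-networking" in opts:                # presence of the option is treated as set
        return "disabled"
    if opts.get("bind-address", "").lower() in LOOPBACK:
        return "loopback"
    return "exposed"                             # nothing restricts the listener


# Constructed sample configurations.
WEAK = """
[client]
port = 3306
[mysqld]
port = 3306
datadir = C:/mysql/data
"""

LOCAL_ONLY = """
[mysqld]
bind-address = 127.0.0.1   # loopback only
"""

HARDENED = """
[mysqld]
# no TCP listener at all
skip-networking
"""

# Edge case: the option sits in the wrong section, so the server never sees it.
MISPLACED = """
[client]
skip-networking
[mysqld]
port = 3306
"""

if __name__ == "__main__":
    for name, text in [("WEAK", WEAK), ("LOCAL_ONLY", LOCAL_ONLY),
                       ("HARDENED", HARDENED), ("MISPLACED", MISPLACED)]:
        print(f"{name}: {network_exposure(text)}")
```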
Posted: 2005/01/27 23:07 | /security | Permanent link to this entry | This entry + same date
del.icio.us Visualisations
Over at the hublog there are two
entries that allow you to either graphically browse
related del.icio.us tags or browse the network of
del.icio.us users as defined by their inbox subscription lists.
While neither of these is world changing, they are fun to play with; putting in Java and Ruby or OpenBSD and FreeBSD, for example, shows some interesting interconnects.
Posted: 2005/01/27 22:10 | /tools/online | Permanent link to this entry | This entry + same date
Mon, 24 Jan 2005
Unixdaemon.net Email Problems
It seems that my migration wasn't as smooth as I'd hoped, my local postfix
install was bouncing half my mail addresses... Not quite what I was hoping
for!
If you've sent me anything over the weekend (Jan 21st to 23rd) then please send it again as I probably haven't received it due to both the changes and my cock-up.
On a happier note the O'Reilly Postfix book is pretty good, it's helped me out today, and I'll probably end up coming back to it when I actually put the real fix in rather than the hack I'm using now.
Posted: 2005/01/24 23:29 | /unixdaemon | Permanent link to this entry | This entry + same date
Getting Freshmeat Comments by Email
I'm not very good at keeping track of my
Freshmeat Projects, I'm also insanely bad at replying to comments but
thanks to Stig Brautaset I no longer
need to worry about it.
Freshmeat has a pair of options, tucked away under your preference page (which you obviously have to be logged in to see), with the following descriptions: "Send comments to my projects by email:" and "Send replies to my comments by email:". By turning these on Freshmeat will forward comments to the email address you set up. I'd rather have an RSS feed but it'll do for now :)
Posted: 2005/01/24 23:25 | /sites | Permanent link to this entry | This entry + same date
Sun, 23 Jan 2005
Unixdaemon.net Site Upheavals
You may have noticed the absence of my sites and received bounced emails
yesterday, this is due to the machine that this site was being hosted on
getting cracked via a vulnerability in a PHP application.
That machine was a shared box that had a number of people looking after it, but with no central responsibility or formal plans in place. I'm now running on a Bytemark box, which I bought for this purpose about six months ago, and just never got around to finishing, which is going to be my new home. I had a known good set of backups to restore from and after some final Apache, Postfix and DNS fiddling (I had this machine as my qa site in the past) things should be settling down nicely.
Posted: 2005/01/23 12:06 | /meta | Permanent link to this entry | This entry + same date
Thu, 20 Jan 2005
Check the Competition With project-name
While reading through Red Handed,
a Ruby blog, I stumbled on to an
entry about Akira Tanaka's
CVS repository.
If you like Ruby then it's well worth spending ten minutes having a look through his projects, while the code does what it's supposed to some of his little tools are real niche fillers; and project-name is an ideal example.
When run with a single argument project-name goes away and queries a number of different sites: it checks the availability of domain names that consist of the query string and a number of different .tlds, it polls SourceForge, Savannah, the Ruby Application Archive, Freshmeat (but only checking the string against existing projects' short names, not the full names!) and does a Google count of the term you're searching on. Ground breaking? Nah, useful? Heck yes.
Posted: 2005/01/20 21:57 | /tools/commandline | Permanent link to this entry | This entry + same date
Threat Warning One Liner
Any attempt at explaining why I wanted to do this will sound odd so for now
I'll just post the one liner...
perl -MLWP::Simple -e 'get("http://www.dhs.gov/") =~ /dhs-advisory-(\w+)\.gif/;print "Threat level is $1!\n";'
This gets the current threat level for the US and prints it to standard out.
Posted: 2005/01/20 21:30 | /perl | Permanent link to this entry | This entry + same date
Tada Lists -- A New Toy
I've just discovered Tada Lists (via Jim Weirich's
blog) and I'm very impressed, while I've seen the Rails video and read
the hype it's only when I use an application like this, written in 579
lines of Ruby code, that it becomes clear how powerful Rails is.
Tada Lists itself is a very neat site in both the technical and design stakes, it uses XMLHttpRequest (which seems to be very popular at the moment, thanks Google!) to interact dynamically with the host and cut out the submit, delay, refresh phases. Its UI is very polished (reorder a list and watch the element fade) and it provides both RSS feeds and the ability to email yourself copies of the list. Add the ability to share public, shared write or shared read only lists and you've got most requirements covered.
Any down-sides? Well two and they are both small, firstly where's the source code! I want this on my laptop and I want to see how it actually works! I assume that we won't get the code due to the project's relationship with Basecamp but fingers crossed. Secondly the custom description doesn't display in the RSS feeds. However I can live with these if it means I get to use such a pleasant (and free) site!
Update: I managed to cause a small problem (I'm good at that :)) and I got a fix and an email telling me everything was fine within a couple of hours; I'm impressed.
Posted: 2005/01/20 10:21 | /tools/online | Permanent link to this entry | This entry + same date
Mon, 17 Jan 2005
del.icio.us Link Checker
I've written a short Perl script that, when run locally with your
credentials, will retrieve all your del.icio.us bookmarks and attempt to verify
if they still exist or not.
The Delicious Link Checker is written in simple Perl and should be quite easy to customise. I've added a Delicious Link Checker home page that contains the notes, the next batch of TODO tasks and other miscellaneous bits of information.
Posted: 2005/01/17 23:32 | /unixdaemon | Permanent link to this entry | This entry + same date
Art of The Start && The Bootstrappers Bible
I've added reviews of The Art of The Start and the
The Bootstrappers Bible to
my book review
page.
The Art of The Start is a decent enough look at what you should and shouldn't know but for me the winner was The Bootstrappers Bible, it covers a lot of the same subjects but its pace was better suited to me and it seemed to be more pragmatic and less preachy.
Posted: 2005/01/17 00:25 | /books | Permanent link to this entry | This entry + same date
Sat, 15 Jan 2005
Unixdaemon Book Reviews
I've finally gotten around to bringing my book reviews (mostly for London PM) in to my main site. You can now
see my reviews on the book reviews page.
Posted: 2005/01/15 22:50 | /unixdaemon | Permanent link to this entry | This entry + same date
Validate Sites HTML IE Plugin
I've added an IE plugin that
allows you to validate the mark-up of an entire web-site,
starting with the browser's current page, using the WDG HTML Validator
tool.
The plugin is called Validate Sites HTML and can be found on the IE Plugins page.
Posted: 2005/01/15 20:25 | /tools/online | Permanent link to this entry | This entry + same date
This Blog Validates!
Well at least the main page does for the first time since I added the
Google Search on the left hand side. I've had a fiddle with the HTML and between removing some
styles, turning some in to CSS and re-arranging the tags it now passes
validation.
The other occasional problem I've had is Blosxom's desire to auto-wrap each post in <p> tags. In a casual conversation a very smart chap named Simon Rumble pointed out that you just need to start the post without a <p> and end it without a closing </p> and it works perfectly. It's never been a huge issue to me but thanks to his advice it never will be. As for the older posts that do end with a </p>, I'll get around to fixing those when I get the chance.
Posted: 2005/01/15 19:10 | /meta | Permanent link to this entry | This entry + same date
Searching Sourcecode Across the 'Net
I've seen a couple of people mentioning the
Koders Source Code Search Engine
recently and I decided I should have a little play. The idea is pretty
simple, they spider source code from projects across the net and then allow
you to search through the gathered code.
While I've not played with it enough to know if it's going to be of any interest to me in smaller projects a couple of things did stick out when I tried the site.
- No meta-data reduces the value of the results.
- It requires you to escape :'s. Searching for Perl without realizing that isn't very productive ;)
- If the results span one or more pages then the page selector is both small and in an awkward place.
Will people use it? I don't know but it's worth keeping an eye on.
Posted: 2005/01/15 17:30 | /sites | Permanent link to this entry | This entry + same date
Out of the (Amazon) Jungle and Get Some Play
Like most geeks I did a chunk of my Christmas shopping online and ordered a
smattering of DVDs from sites like Amazon UK, my choice for books and Play.com, my choice for DVDs. Amazon had a
pretty hefty preorder discount on a box-set (Buffy Collectors Edition) and
so I ordered it from Amazon and not Play (who are normally cheaper). And
then things started to go wrong.
Some of my DVDs didn't arrive so I checked the customer support pages and sent off queries to each company. Firstly let's look at the winner of this little bout. Play has an email address, I wrote to it, got a response back in about an hour and they said they'd ship a replacement that day and then chase the original. Quick, professional and customer focused. I'll keep using them.
And now on to Amazon and its carnival of screw ups. Firstly you have to go through an online form. I detail my case, including order numbers and dates and then get a response back in under thirty minutes. Very promising. It tells me that the order has been dispatched and I need to speak to the delivery company, this is the point where I start dropping points off their score.
After an hour on the phone with DHL (the delivery company involved and who are also shite at customer support but that's a separate rant) I'm told that the order was shipped back to Amazon as it couldn't be delivered. I then reply to Amazon's mail; only you are not allowed to. Instead you have to go through their forms again. Why can't I respond via email dammit? I have spell checkers and audit trails available but no, I have to use their form. After a lot of back and forth I got an answer and it wasn't a good one.
Yes they knew it was pre-ordered, yes it had been sent back. Yes they had it. No I couldn't get it re-dispatched.
So what came of this? Amazon, despite having the product I ordered in their warehouse, wouldn't ship it to me and instead refunded my purchase, and told me to try and find a copy elsewhere as they had no more left. Despite a box with my name and address sitting in the warehouse.
Play gets a 10/10 and ALL my DVD business in the future. Amazon gets a 2/10 (they had good response times throughout) but loses points due to stupid policies.
Posted: 2005/01/15 16:19 | /nottech | Permanent link to this entry | This entry + same date
The Hidden Curse of High Uptime
A number of Unix/Linux people seem to pride themselves on obtaining the
highest uptime they can. While this may seem like a little harmless fun,
in a production environment (which are mostly fun-free places), it can
hide a number of problems that will later become major issues.
At some point the machine will have to come down and face a power off or reboot, and then it's expected to come back up, and this is where the problems can start. In almost any environment, no matter how simple, and this problem gets worse as more complexity and people are involved, a number of changes will be made to the running system and given some testing time; and then they will be forgotten about and never made persistent and able to survive a reboot.
Whether it's the simple addition of a firewall rule that's never written to the config file, an unsaved routing table entry or forgetting to enable a service in rc.local, on any machine with a high uptime there is a chance that something won't come up. And if it's a remote box it'll be something that stops you getting in to fix it, Murphy ensures this.
My recommendation? Pick a schedule (a month, three months, maybe once a quarter) and take the machines off line and then see what doesn't come up (you do have monitoring in place don't you?) If you have the opportunity you should combine this with your UPS testing (and you better be testing those!). If you can't afford to take a server down for testing then you've got a resilience problem and a single point of failure that needs addressing.
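As an added illustration (not from the original post), this Python check compares a running firewall rule set against the persisted copy and lists the differences that a reboot would silently apply. It assumes both inputs are in iptables-save format; the two rule sets shown are constructed.

```python
# Added example: find firewall changes that exist only at runtime (lost on reboot)
# or only on disk (reappear on reboot). Input format assumed: iptables-save output.
import re

COUNTERS = re.compile(r"\[\d+:\d+\]")   # packet/byte counters differ on every run


def normalise(save_text):
    """Return a set of (table, line) pairs with comments and counters removed."""
    table, items = None, set()
    for raw in save_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):            # table header such as *filter or *nat
            table = line[1:]
            continue
        line = " ".join(COUNTERS.sub("", line).split())
        items.add((table, line))
    return items


def unsaved_changes(running_text, persisted_text):
    """Compare the two rule sets; rule order within a chain is not compared."""
    running, persisted = normalise(running_text), normalise(persisted_text)
    return {
        "runtime_only": sorted(running - persisted),
        "persisted_only": sorted(persisted - running),
    }


# Constructed sample: what the kernel is enforcing right now.
RUNNING = """
# Generated by iptables-save (constructed sample)
*filter
:INPUT DROP [10:840]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [5:300]
[4:240] -A INPUT -i lo -j ACCEPT
[9:700] -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
[1:60] -A INPUT -p tcp -m tcp --dport 8443 -j ACCEPT
COMMIT
"""

# Constructed sample: what the boot scripts will load.
PERSISTED = """
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
COMMIT
"""

if __name__ == "__main__":
    report = unsaved_changes(RUNNING, PERSISTED)
    for table, rule in report["runtime_only"]:
        print(f"lost on reboot      [{table}] {rule}")
    for table, rule in report["persisted_only"]:
        print(f"reappears on reboot [{table}] {rule}")
```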
Posted: 2005/01/15 15:55 | /serversmells | Permanent link to this entry | This entry + same date
Adding RSS Validator to the Webdevelopers Toolbar
I've been doing some work with RSS feeds recently and I wanted quicker access to the
FeedValidator from within
Firefox, I already have it in IE thanks to a nifty sidebar written by
humble ole me, after a little look around I noticed it's possible to add a
custom validator to Firefox's Webdeveloper Toolbar.
The process itself is simple, click Options on the toolbar and then click Options on the menu. Then click Validators on the left of the new window and paste the following URL into the "Custom Validator Field".
http://feedvalidator.org/check.cgi?url=
Once this is done you can just click "Validation" and then "Custom Validator" to validate the currently displayed feed.
Posted: 2005/01/15 15:39 | /tools/firefox | Permanent link to this entry | This entry + same date
Display Feed Last Modified Date -- Short Script
I've added a short Perl script called Display Feed Last Modified Date
to the miniprojects
page.
This short (and by no means complete) script looks through a SharpReader OPML file (which can be generated by using 'Export' on the file menu) and then tries to obtain and display a Last-Modified date for each feed in the file (this is gathered from the header of the same name).
With a single run and five minutes of manual checking of feeds I've managed to find and remove 40 dead feeds from my subscription list.
Posted: 2005/01/15 15:26 | /tools/commandline | Permanent link to this entry | This entry + same date
Blosxom and Planet Programs
A quick note for anyone who runs a Blosxom based blog and is being
aggregated using the Planet
feed merging software. By default, the 0.91 RSS feed created by Blosxom doesn't have per post
dates.
This means if you add a new post the Planet software will guess at the modified date for each of your posts and will decide that the current time is as good as any. And all your readers will scream in pain as they are forced to work through duplicate posts to get to the shiny new ones.
The easiest way around this (and what I'm doing) is to use the Blosxom Atom Feed plugin and point the Planet software at that instead.
Posted: 2005/01/15 14:43 | /tools/online | Permanent link to this entry | This entry + same date
Making Internal Spoofing Harder with OS Detection
I recently wrote down a couple of snippets on Limiting Administration by OS,
since putting those to er... paper another thought crossed my mind.
Some of the worst internal incidents I've been involved in were those where the attacker either rebooted into a live Linux CD or had a second hard drive that was mostly left unwired. This made tracking and auditing his actions extremely difficult due to the nature of his attack platform.
While tools like arpwatch look for the more obvious changes of MAC addresses, using something like P0F or a PF based firewall it'd be possible to look for operating system changes on the network in cases where the MAC address isn't changed, and if it is changed the firewall can block and flag the unknown address. After all, if a MAC tied to a Windows machine suddenly changes to a FreeBSD box, for example, it certainly warrants investigation.
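One way to implement the check described above, as an added example that is not from the original post: it flags a known MAC address whose fingerprinted operating system family changes, and any MAC missing from the inventory. The observation record format (time, MAC, IP, OS label), the inventory and the sample data are constructed assumptions; in practice the records would be assembled from tools such as arpwatch and P0F.

```python
# Added example: flag OS changes behind an unchanged MAC address.
from collections import namedtuple

Alert = namedtuple("Alert", "time mac kind detail")


def os_family(label):
    """Reduce a fingerprint label such as 'Windows XP SP1' to 'windows'."""
    words = label.split()
    return words[0].lower() if words else "unknown"


def parse_observations(text):
    """Yield (time, mac, ip, os_label) from whitespace-separated records."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        time, mac, ip, os_label = line.split(None, 3)
        yield time, mac.lower(), ip, os_label


def detect_os_changes(inventory, observations):
    """inventory maps MAC -> expected OS family; returns a list of Alert tuples."""
    last_seen = dict(inventory)
    alerts = []
    for time, mac, ip, os_label in observations:
        family = os_family(os_label)
        if family == "unknown":              # a failed fingerprint is not evidence
            continue
        if mac not in last_seen:
            alerts.append(Alert(time, mac, "unknown-mac",
                                f"{ip} fingerprinted as {family}"))
        elif last_seen[mac] != family:
            alerts.append(Alert(time, mac, "os-change",
                                f"{last_seen[mac]} -> {family} at {ip}"))
        last_seen[mac] = family              # track it so the switch back is flagged too
    return alerts


# Constructed inventory and observations (documentation MAC and IP ranges).
INVENTORY = {
    "00:00:5e:00:53:01": "windows",
    "00:00:5e:00:53:02": "linux",
}

OBSERVATIONS = """
# time            mac               ip          os label
2005-01-15T09:02 00:00:5e:00:53:01 192.0.2.10 Windows XP SP1
2005-01-15T09:05 00:00:5e:00:53:02 192.0.2.11 Linux 2.4
2005-01-15T13:40 00:00:5e:00:53:01 192.0.2.10 FreeBSD 5.3
2005-01-15T13:55 00:00:5e:00:53:01 192.0.2.10 unknown
2005-01-15T14:10 00:00:5e:00:53:09 192.0.2.44 Linux 2.6
2005-01-15T16:20 00:00:5e:00:53:01 192.0.2.10 Windows XP SP1
"""

if __name__ == "__main__":
    for alert in detect_os_changes(INVENTORY, parse_observations(OBSERVATIONS)):
        print(f"{alert.time} {alert.mac} {alert.kind}: {alert.detail}")
```

The two os-change alerts bracket the period during which the machine was running the other operating system, which is the window an investigator needs.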
Posted: 2005/01/15 12:51 | /security | Permanent link to this entry | This entry + same date
Black Horse and The Cherry Tree -- KT Tunstall
While I've been in my quiet phase I've been listening to a fair few of my
older CDs and I've not really bought much in the way of new material but I
did make an effort to purchase Eye To The Telescope,
the debut album from KT Tunstall, a singer I've been very
impressed with.
While I've not listened to the whole album enough to render judgement I wanted to mention how much I like two of the tracks, Miniature Disasters and Black Horse and The Cherry Tree, the song that she sang on her Jools Holland appearance and that reeled me in. Now if only someone could point me to a copy of the live footage from the show. Internet do your thing!
Posted: 2005/01/15 12:39 | /nottech | Permanent link to this entry | This entry + same date
Review Pages -- Without the Hassle of Reviews
While googling for a book review Google sent me to two sites (in the top
five hits) that contained ALL the details about the book but missed one
vital feature; the actual review.
After rereading the page to see if my browser had done something strange, hey it can happen on badly designed sites, I noticed a small piece of text located near the bottom of the page and below the scroll line; Status: Not reviewed. ARGH!
Posted: 2005/01/15 12:31 | /sites | Permanent link to this entry | This entry + same date
Close Friends -- bash.org Style
DragonflyBlade21: A woman has a close male friend. This means that he
is probably interested in her, which is why he hangs around so much. She
sees him strictly as a friend. This always starts out with, you're a great
guy, but I don't like you in that way. This is roughly the equivalent for
the guy of going to a job interview and the company saying, You have a
great resume, you have all the qualifications we are looking for, but we're
not going to hire you. We will, however, use your resume as the basis for
comparison for all other applicants. But, we're going to hire somebody who
is far less qualified and is probably an alcoholic. And if he doesn't work
out, we'll hire somebody else, but still not you. In fact, we will never
hire you. But we will call you from time to time to complain about the
person that we hired.
-- bash.org
Occasionally you see something that just makes whatever you are eating / drinking at the time erupt from your nose. This to me is one of those things.
Posted: 2005/01/15 12:22 | /nottech | Permanent link to this entry | This entry + same date
Limiting Administration by OS
This is the third and probably last of my ramblings on the subject of
locking down a machine's potential attack footprint by mass filtering. While
I've already mentioned blocking certain ports to entire countries
(mostly to stop SPAM) and only allowing access to other ports to
geographically local IPs (to stop attacks on critical services like SSH
for admins) it is also worth mentioning OS detection.
Certain products and operating systems, such as P0F, OpenBSD's PF etc, can detect what operating system someone is trying to connect with. Now this alone isn't very interesting but when you build it into a firewall such as PF you suddenly gain another trick in the tool box.
Most machines in botnets, for example, are Windows machines. If your admin team use Linux 2.4 then lock down the settings on your firewall to only allow 2.4; this way even if the attackers are local (in terms of geographical IP ranges) they still need to be using the correct operating system to even attempt a connection.
Putting the three concepts I've discussed together you've reduced the potential for attack on your administration services from anyone in the world, to anyone in your city / country and then to anyone in your city / country running your chosen operating system. And then you can require them to get through key authentication AND a username password check :)
Posted: 2005/01/15 11:53 | /security | Permanent link to this entry | This entry + same date
Russian Roulette -- Bash Style
There is a list of things you don't want to see in your Unix machine's
start up scripts but one of the leaders has to be a snippet like this:
[ $[ $RANDOM % 6 ] == 0 ] && rm -rf / || echo "You live. For now."
Before we look at what the chunk of code is supposed to actually do it's worth mentioning that $RANDOM is a built-in shell variable. Each time it is read it will return a random integer between 0 and 32767. It's worth noting that although it's called $RANDOM it is nowhere near random enough to be used in any sensible crypto or security code / system.
Now back to the code itself, every time it runs you have a one in six chance of wiping your machine. It's not nice and once you know about $RANDOM it's not all that clever either.
Posted: 2005/01/15 11:40 | /codinghorrors | Permanent link to this entry | This entry + same date
Microsoft AntiVirus and Spyware Software
For those of you that haven't heard the roars yet MS have released a beta
of their spyware detection software. Now that they've got both this and an
AntiVirus product on the market it's time for people like Symantec to start
watching over their shoulders.
Now my issue with this isn't that Microsoft wants to enter (and by extension dominate) this very lucrative market, instead I want to raise, what seems to me anyway, a big conflict of interest. Let's suppose that Microsoft do make some sales in this market (although why anyone would ever buy a version one or two MS product is beyond me...), they are (in most cases) making money off holes they added to the system to start with.
In much the same way that offering developers a bounty for bugs that are found and fixed in their own code is a terrible idea this new revenue stream seems to be promoting quite a nasty feedback loop.
Posted: 2005/01/15 11:25 | /misctech | Permanent link to this entry | This entry + same date
Sun, 09 Jan 2005
Another Opening
Bottom line is, even if you see 'em coming, you're not ready
for the big moments.
No one asks for their life to change, not really. But it does.
So what are we, helpless? Puppets? No. The big moments are
gonna come. You can't help that. It's what you do afterwards that
counts. That's when you find out who you are.
-- Joss Whedon (via
Whistler)
Life is an odd thing, sometimes the rules of your whole universe change underneath you and you have to make some drastic changes just to keep going. Welcome to Unixdaemon.net in 2005, it's going to be many things but boring isn't going to be one of them.
Posted: 2005/01/09 23:41 | /nottech | Permanent link to this entry | This entry + same date

