Interesting: White Hat Hacker Smack Talk

Reading SANS Internet Storm Center diary is part of my morning ritual and today I got a good laugh out of an entry by Tom Liston where he cracks some questionable javascript and even tells the black hat how to fix it:

"So... all of you JavaScript geniuses out there, please take note: I "cracked" this obfuscation while munching on in-flight pretzels and working ON MY CELLPHONE. If you seriously don't want someone to know what you're up to, then I think your encoding techniques should require cracking on something that doesn't ring..."

Here is a link to the full entry Climb a small mountain ...

Interesting: Google Reader

If you keep up with lots of news sites and blogs and aren't using and RSS aggregator, well, do it now. I've been using Google Reader for a couple of months and I'm very happy with it. It's easy to use and I don't have to open another app to access my feeds. Check out Scoble's demo and the Google Reader Blog for more info.

If you'd rather have a stand alone app, check out these. And definatly check out netnewswire if you have a mac.

You can even check out my shared feeds if you want.

Interesting: I'm getting old

Last Saturday I travelled back to Cherokee to play in a charity baseball game to honor my recently retired high school baseball coach, Richard Phillips. The turnout was really good, lots of family, friends and kids and the proceeds went to buy new equipment for the current highschool team.

It was great to be back on a baseball field with guys I haven't seen in years. There were enough for four teams, one older and two younger. Team 4 won our game 5 - 2, I went 2 - 3 with an RBI and a run scored. We won't talk about fielding :)

It was a lot of fun and I hope it becomes a tradtion. Here are a few pics I put up over at flickr.

Security: MS06-040 Patch

Microsoft has released a new patch to fix a buffer overrun vulnerability in a service that runs on Windows 2000, XP and 2003 systems. This is a remote code execution hole that would allow an attacker to take complete control of a system.

If you are behind a firewall that blocks ports 137-139 & 445 then you are somewhat shielded from this problem, however, it's best to apply the patch.

SANS has more information on the current worm activity.

Interesting: Microsoft buys up SysInternals

The announcement came this week from Mark Russinovich of SysInternals that he, co-founder Bryce Cogswell and the tools are moving to Microsoft. It's not really all that surprising being that Mark is better at building tools for the Windows platform than many of the folks already at Microsoft. SysInternals hosts many excellent troubleshooting and recovery tools including Process Explorer and Rootkit Revealer.

All the tools and support are currently still available from the site while Microsoft reviews the options of how to best leverage its new purchase. I already have them all, but I'll be sure to download current versions of everything just in case Bill deceides to hide them behind WGA.

Mark says "I’m looking forward to making Windows an even better platform for all of us!" Russinovich will be appointed as a Microsoft Technical Fellow, a title "awarded to someone whose technical vision, expertise, and world-class leadership is widely recognized." Microsoft currently has 14 Technical Fellows. Analysts are hoping that Russinovich and Cogswell will each add to the stability and security of future versions of Windows.

Here's to hoping for even better tools now that he is on the inside.

Interesting: Getting a little slack about this

Wow, it's been awhile since I put anything here. Since the whole point was to get me to start writing something on a regular basis I'm just going to throw some random links out here from stuff I've been looking at.

Microsoft's Powershell has had much of my attention for the last month, although I'm still not where I want to be with it. A command shell with access to .NET objects is double plus good if you want to automate ... well, anything in Windows. Scott Hanselman has so many things to say about I'm just going to link to a google search. Ars Technica has a guided tour that explains much of the reasoning and syntax in Powershell. There is also a Microsoft Blog for PowerShell. There are tons of other resources out there for this awesome tool and I'll likely post much more about it as I get more comfortable using it.

I've been slowly becoming more and more of a web hermit, although you'd think that would make me post more ... apparently not.

I keep finding PETA more and more disturbing.

I've also been trying to figure out if Chappelle Theory is a joke, a whacko conspiracy theorist, or actually the truth.

I got a new monitor that I'm very happy with. Although the price has gone down steadily, I still got a much better deal than what Dell lists.

And I've been to the beach, the Southern League Double A All-Star Game in Montgomery and spent a massive amount of time sitting on my back porch with a laptop. I should really post some pics at flickr and link to them, but I'm lazy ... maybe next time.

Interesting: Encryption

Why do we need to have secrets? Bruce Schneier says "Too many wrongly characterize the debate as 'security versus privacy.' The real choice is liberty versus control." He explains, in his essay The Eternal Value of Privacy, that privacy is a basic right and is needed to maintain the human condition. Just because I want privacy doesn't mean I'm doing anything wrong.

So, cryptography is a tool for freedom and here are several cryptography tools that anyone can easily use:

Torpark is a portable, secure browser that can run off a thumb drive. It combines Mozilla Firefox and Tor, the EFF's anonymous internet communications system. Here is an article with more information about torpark.

Encrypted gmail from Richard Jones is a very easy way to send encrypted email messages.

Password Safe is a password manager originally created by Bruce Schneier. This free program allows you to save all your passwords for different web sites and programs in one easy, secure location.

Getting a little more advanced, "OpenPGP is a non-proprietary protocol for encrypting email using public key cryptography. It is based on PGP as originally developed by Phil Zimmermann." OpenPGP is an email encryption tool.

And, IMNSHO, the best tool available for making secure connections over public internet, OpenSSH. "OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other attacks. Additionally, OpenSSH provides secure tunneling capabilities and several authentication methods, and supports all SSH protocol versions." SSH stands for Secure Shell, take a look at the site for more information.

I'm also going to include this link to a cryptography podcast series that gives some great info and points out some other resources.

In conclusion, JOIN THE EFF!!! I don't need a reason to want privacy, anyone wanting to watch me better have a very good reason ... and some damn fast computers to break my encryption :)

Travel: Scotland

I'm a world traveller! I made it over to Glasgow, Scotland to visit my sister, neice and brother-in-law. They are here while Scott works on his doctorate in theology at the University of Scotland. See Scott's blog.

Robin and Keelyn have been acting as my tour guides and I've seen lots of really cool stuff, like the Glasgow City Council building, George Square, the Huntarian Art Museum and historical collection, Keelyn's daycare school, Pollock House, St Mungo's cathedral, Glasgow City Necropolis, St Mungo Museum of Religion and lots and lots of other stuff that I've forgotten the names of. I'll be here for a few more days and I'll probably post more about the trip when I get back. Here are a few pics I put up over at flickr.

Software: Firefox and extensions

Mozilla Firefox is a free, open-source, cross-platform web browser developed by the Mozilla Corp and many, many volunteers. Firefox began life as a fork of the Navigator component of the Mozilla Application Suite that was meant to provide a lean, mean browser only option for users who didn't need the full web suite. The Mozilla Foundation was created after AOL dropped development of the software a few years after purchasing Netscape Navigator (a very popular browser from the early days of the internet).

Firefox includes innovative features such as an integrated pop-up blocker, tabbed-browsing, live bookmarks, support for open web standards and an extension mechanism for adding functionality. Firefox has achieved widespread success and offers users a very stable, very secure, very functional option to Internet Explorer.

I have used Firefox since it was called Firebird (specifically version 0.6) and I can say it has become not only a valid option, but very much the standard by which other browsers are judged (well, ok, at least it's how I judge other browsers). Firefox is an open-source application which means the source code is available for anyone to view. This means Firefox uses sound security methods instead of security through obscurity. Any flaws that are found can be seen by everyone, openly discussed and fixed quickly by the community. No hidden code, no backdoors possible.

There are some criticisms of Firefox. Some users note Firefox takes longer to launch than other web browsers on Windows. The non-Windows-native XUL implementation of the user interface may be the cause of this delay. Internet Explorer has the advantage of being a built-in component of windows and much of it's functionality is loaded at Windows startup, but Firefox is still slower than other browsers such as Opera and K-Meleon. Another complaint is that Firefox uses more memory than other browsers, but developers claim this is at least partially an effect of the fast backwards and forwards features of Firefox (moving between pages that have already been loaded, the browser takes more advantage of the cache, causing memory usage to spike). Some memory leaks may also be caused by poorly implemented extensions.

Overall however, Firefox provides a highly stable and functional web browser that is much more secure and adheres to web standards. I highly recommend at least trying it out, once you understand the power of tabs and extensions I doubt you'll want to use anything else.

Lastly, here is a list of the extensions I normally have loaded with Firefox.

Interesting: Obscure Command Line Tools

I was listening to episode 12 of Hanselminutes today and was introduced to / reminded of several very helpful and cool Microsoft Windows command line tools. A good list of little known commands is here at NeworkClue.

I especially liked 'driverquery' which gives information and properties about all drivers loaded on a system. And also SFC or System File Checker which is a great tool for Windows that works in conjunction with a utility called Windows File Protection that keeps the system file cache. If you have restore points setup you are probably better off using them, however, as a last resort SFC will restore any system files that have been replaced or overwritten by incorrect versions or malicious software.

Scott Hanselman does a good job of describing several other little known tools such as netsh and wmic. Worth listening to if you spend time at the command line, or would like to learn how powerful the command line really is.

Oh, almost forgot, pushd and popd r0x!

Odd: British girl gets old heart back

Medical science amazes me.

Hannah Clark from south Wales had a heterotopic transplant operation -- known as a "piggyback" because the donor heart is placed next to the original organ -- 10 years ago.

Basically, they placed a donor heart next to her original heart so it could help pump blood. The drugs she took to keep the donor heart from being rejected quit working, but they found her original heart was now working just fine after the rest. WOW.

Interesting: The Battle for Content Ownership Continues

Just buy an HDCP compatible video card? Are you sure? Check out this article at BoingBoing.

The content does not drive the market, the demand does and consumers will eventually demand access to the content they purchase. So DRM will eventually die. I have no doubt consumers will lose a few rounds before that happens, but as a friend recently said "The publishers are dragged, every time kicking and screaming, to the money tree."

Interesting: The Google Brand

This article explains how google really is all things to all people.

Google DNA, stem cells, brand names ... why does that make sense?

Odd: The Lenovo Tapes

Just a little something odd to see on a Sunday afternoon: The Lenovo Tapes

Whatever it is and whoever created it, it's pretty cool :)

Interesting: AJAX and ajaxWrite in particular

Asyncronous Javascript and XML, or ajax. It's the new buzzword for rich web content and applications in the browser ... the whole 'the network is the computer' business that Sun has been trying to get across for ages now. see Wikipedia.

Ajax is used for GMail and Live from Microsoft. It is mixture of several existing technologies to provide a much slicker, cleaner web experience for the end user (how does it help the developer? I don't know, haven't done anything that could be called ajax, need to start toying). Here is an excellent post about getting started creating ajax apps Rush's ajax for beginners. There are some cool portal sites out there like pageflakes and netvibes and companies are quickly throwing ajax apps up all over the web.

How much is hype and buzzwords? A lot, to be sure, web 2.0 is a bubble being quickly blown to mid-90's 'same idea but on the internet' proportions. We've had all these ideas before, ajax just makes it work better. It's evolution of technology and the fact that more and more people have the bandwidth to actually be able to use these things doesn't hurt, but the marketing folks dream of monetizing these types of apps is still probably just that, a dream. Hopefully we can continue to evolve the technology and get more and better experiences, but it's all about services on top of something else. And that something else is what will drive revenue, not ajax. Ajax is just another tool.

As useful as it might be, the hype might cause it to implode and then we'll be forced to make up a new word for interactivity on the web. Things like ajaxWrite that make huge promises, then fall very, very short of those promises don't help anything. Extremetech has a review here. It doesn't even appear that ajaxWrire is actually written in what is defined as ajax. See comments at slashdot here. Marketing and buzzwords might make the CEO's richer, but real engineering and coding will eventually bring better tools to more people at lower cost, no matter what it's called.

Frist Post

hot grits!