I have been listening to Wolf FM lately. Streaming 56Kbit audio pretty much saturates my slow connection so I disconnect from IRC and only check mail a few times a day. This does wonders for my productivity. You people are all on 2Mbit DSL connections (or 155Mbit links), right? Take a listen to the 128Kbit feed on Wolf.
In a classic case of "spot a problem, fix it everywhere" I discovered that Blackhat link incorrectly to some of their own streaming videos. What I perceived to be network or server problems on Blackhat's behalf turns out to be HTML QA issues. The incorrect links on my site have been available since forever and nobody spotted the problem.
I absolutely hate being nailed by simple problems. I should know better and take easy precautionary measures. It is not hard to get this right the first time. I suck. I will make up for it by starting a QA section of the Dominion.
I went for a 30 minute powerwalk with the Spirited One yesterday. Today, we are both a little sore from the effort. She still smiled, however. I think she likes me.
I finished reading "Secrets and Lies." Bruce has a love for outsourcing information security that I do not agree with. Any medium-sized IT related organisation probably engages in enough new projects to keep a handful of security analysts occupied full time.
While wondering why Blackhat's media site is always down, I discovered a typo on my recommended page. Some of the URLs for Blackhat's media files contained a reference to port 554. The port used by RealPlayer for the particular protocol is 5554, not 554. This has been fixed. The talks by Brian Snow and Mudge were affected.
Hi. Have you missed me? I have been doing various things, including thinking a lot and not sleeping well. I also added a few more muppets to my collection. Have fun sharing my pain.
I used to have an MP3 recording of Jerry Seinfeld's "I'm telling you for the last time" but it has vanished (from a read-only filesystem). I do not understand how this is possible.
Reading the RISKS Forum can be very depressing. It can also be slightly amusing, like this one:
Date: Wed, 13 Mar 2002 00:35:43 +0000 (GMT)
From: Pete Mellor <pm@csr.city.ac.uk>
Subject: Software "glitch" changes the colour of the universe

As reported on the "Broadcasting House" programme on BBC Radio 4, Sunday 10th March:-

Scientists at John Hopkins University have spent several years calculating the weighted average of the electromagnetic frequency of emissions from all galaxies in the observable universe. They concluded their research by announcing last month that, on average, the universe is turquoise.

Last week, they announced that, due to a software "glitch", they had miscalculated, and that the universe is, in fact, beige.

Broadcasting House are threatening legal action, claiming that they have just had their studio painted turquoise in order to be in harmony with the rest of the universe.

Peter Mellor, Centre for Software Reliability, City University, Northampton Square, London EC1V 0HB UK NEW Tel.: +44 (0)20 7040 8422
Design your systems carefully. Write secure code. Audit your design and implementation for security and reliability problems. Do your absolute best not to make mistakes, yet be humble and build fault tolerance into your code. Have your network raped anyway because users are fucking morons.
Spent some time with Dave discussing various aspects of life.
I have been sleeping long (odd) hours lately but still I am tired most of the time. It has been ages since I have seen Mick. Shame on us.
I have no idea if this email exchange posted to the Cult of the Dead Cow's website is real, but it made me giggle my motherfucking ass off. User survey: have you ever smoked crack with Robert Downey? Answers on a postcard, please.
One of the GhettoHackers has been asking some very basic questions on the OpenBSD lists. Here was I, thinking they were all seriously skilled individuals.
Removed all direct mention of my employer's name from the Dominion, replacing it with $EMPLOYER in most cases. A few indirect mentions in URLs to news sites persist, but not enough to sue over.
Ate a few bananas!
Once I was awake this morning, I could not fall asleep again so I started reading the last bits of Peopleware. The authors hit on some excellent points on managing a team, including how regular status meetings are really about the status of the boss, not the project, how knowledge workers are affected by noise and interruptions, and how most companies mismanage resources in a project. According to the book, I did a lot of things right over the past 2 years, especially some of the things nobody else agreed with.
Most of the ideas in Peopleware, along with a few of my own, are now required understanding for anyone wishing to employ my services in the future. Good luck to me ever being offered another job with that attitude. How dare I have expectations of my employer?
I have been quite pleased with my reading habits over the last few days. I still want to finish Building Secure Software, then I will start on Refactoring. Prompted by Alain, who used to contribute to Dancer, we have initiated redesign of Dancer 5. It is going to be a completely different bot.
An obscure vulnerability in bsd_auth was fixed by Todd the other day, and the security patch posted today. I am still playing with ideas for mod_bsd_auth as well as an authentication backend which requires password and cryptocard authentication. Markus made some strange commit to OpenSSH's auth code that I did not like the looks of.
<ego> I am growing to dislike our little asian friends who live in westend.
<ego> they keep on pressing "YZ" instead of "XYZ", and so did their fucking taxi driver.
<holsta> Heh.
<holsta> Want to pay them a visit?
<holsta> Make it a point to ring XYZ every time you pass the intercom.
<ego> haha
<ego> I think I will.
<holsta> I'll help you remember.
<ego> It's happened at least once a week for the last month.
<holsta> If you buy me a Yop from time to time, I will even ring the intercom when *I* pass it.
<ego> I had another 30 minutes sleep time.
<ego> It's a deal :)
Having discussed my opinion of Building Secure Software with Jerry, he once again advocated getting Writing Solid Code instead. It is already in my basket at Amazon but I need to break my book habit.
Went to Tante Zoe's for lunch. Shame on me, but the Dooky Gumbo was fucking lovely.
Came home from work very tired. Ate a few bananas. Went to bed soon around 6.30pm, waking up briefly at 8pm and then proceeded to sleep late into the night.
Did nothing over the weekend. Had today off as yesterday was Paddy's Day. Relaxed. Very few tummy problems. Ate some bananas at one point.
Finished "Security Engineering" a while ago, by the way. I started reading "Building Secure Software". It is very easy to read, but it tends to trail off the "well-written" track in favour of the "ranting about security problems" too much and the authors repeat themselves every 5 pages. I also feel the boys skipped a little too easily over secure code examples. They say getenv() is hard to use without introducing an overflow, and then fail to demonstrate proper use.
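For the getenv() complaint above, one way to read an environment value into a fixed buffer without overflowing it. This is an added example, not code from the book or from this diary; the names bounded_copy and env_copy are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The risky pattern: the value's length is chosen by whoever started the
 * process, yet it lands in a fixed-size buffer.
 *
 *     char home[64];
 *     strcpy(home, getenv("HOME"));   overflows at 64+ bytes, and
 *                                     dereferences NULL when unset
 */

enum env_status { ENV_OK = 0, ENV_UNSET = -1, ENV_TOO_LONG = -2 };

/* Hypothetical helper: copy val into dst (dstsize bytes including the NUL).
 * Rejects oversized values instead of truncating them silently. */
static enum env_status bounded_copy(const char *val, char *dst, size_t dstsize)
{
    size_t len;

    if (dst == NULL || dstsize == 0)
        return ENV_TOO_LONG;
    dst[0] = '\0';                 /* dst is a valid string on every path */
    if (val == NULL)
        return ENV_UNSET;
    len = strlen(val);
    if (len >= dstsize)            /* no room for value plus terminator */
        return ENV_TOO_LONG;
    memcpy(dst, val, len + 1);
    return ENV_OK;
}

/* Hypothetical wrapper: copy at once, because the pointer getenv() returns
 * may be invalidated by later setenv()/putenv() calls. */
static enum env_status env_copy(const char *name, char *dst, size_t dstsize)
{
    return bounded_copy(getenv(name), dst, dstsize);
}

int main(void)
{
    char home[64];

    switch (env_copy("HOME", home, sizeof home)) {
    case ENV_OK:       printf("HOME=%s\n", home); break;
    case ENV_UNSET:    fputs("HOME is not set\n", stderr); break;
    case ENV_TOO_LONG: fputs("HOME rejected: too long\n", stderr); break;
    }
    return 0;
}
```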
Got myself a copy of "Under Rug Swept" by Alanis. It rocks.
You know of "The Hitchhiker's Guide To The Galaxy" by the late Douglas Adams, right? Needless to say, it is not a perfect guide, but it makes up for its shortcomings with its cover that has the words "Don't Panic" in big, friendly letters.
I have a book which has the word "Panic!" on the cover in big crimson letters. I wonder if that is a sign.
My stomach acid has awoken once again. I was doing so well! It had been quiet for weeks.
It appears representatives of my employer are reading my diary. This is funny. I have been raising my issues with $EMPLOYER during meetings over the last 2 years until I was blue in the face; I rant here about certain aspects, carefully avoiding violating any confidentiality agreement I have with said employer. There is a good chance that my employer knows exactly what I think is wrong, and if they do not, someone was sleeping in all those meetings and while reading my diary. I find it depressing that rather than spending time trying to fix the company, I have been asked to remove the comment.
This removal request alone says a hundred times more about $EMPLOYER than I have ever been willing to state in my public diary, so I will not comment on it further.
I played around with BSD authentication and seeing how simple it is to use I will continue playing around with it. My aim is to implement a mod_bsd_auth for Apache. That would be something. "How would you like to authenticate your users? Here is 4 million different ways."
Lots of serious security vulnerabilities discovered recently. Most software, including OpenSSH I am sad to say, simply sucks. Supposing I get around to doing mod_bsd_auth, I will die if vulnerabilities are discovered in released versions. Lucky for me, I can summon the powers of good QA.
As you may know, I am an advocate of strong authentication. Someone, who is unable to use SSH keys, indicated a desire for a secure host, so I put some effort into X9.9 authentication on miracle. I have the token access working, and will look into supplementing it with a local password, leaving the tokens unprotected. I find a system password of 15 characters both stronger and more convenient than a 4 digit PIN on a keychain token.
oldasdirt$ ssh testm
This is 'miracle.mongers.org' -- intruders will be shot, raped and burned.
CRYPTOCard Challenge "41358264"
CRYPTOCard Response:
OpenBSD 3.0-current (MIRACLE) #0: Fri Mar 1 17:09:33 GMT 2002
miracle%
When I get the token + normal password combination working I will acquire a handful of tokens that my users will be able to rent for a reasonable yearly fee. I see no reason for my users' inability to use SSH keys having unreasonable financial impact on me, hence the fee to cover my cost. If you want to sign up for a token, let me know.
This world is pathetic. I went to see The Mothman Prophecies (which is an excellent horror movie, by the way), and two seats to my right were a couple in their twenties. I could tell right off the guy was a scumbag, just from his annoying northside Dublin accent. Before the movie began he said to his girlfriend: "Is this a comedy?". When the title appeared he read out loud: "The Mothman what?" His girlfriend said "Prophecies," to which he responded "What is that supposed to be?"
Oh my fucking god. Someone hand me a shotgun.
Decisions, decisions. I want to go see a movie, but cannot decide which. My choices are "A Beautiful Mind", "Don't say a word", "Gosford Park", "In The Bedroom", "Just Visiting", "Monsters, Inc.", remake of "Ocean's Eleven" and "The Mothman Prophecies". Actually, "We Were Warriors" and "Harry Potter" are also running, but please.
I think I will have to go see all of them as some seemingly intelligent people on IMDb find all of them worthwhile. MUWAHAHAHA. MWAH.
Did I scare you there? Sorry.
The session in Porterhouse tomorrow has been cancelled. I was looking forward to going. I will have to settle for this kind of last-minute abuse:
*** Quits: dogs:#mongers [dogs@212.2.191.23] (Quit: FINGERNE VAEK FRA MIN KALKUNRULLE!)
Ireland's infrastructure is standing in the way of e-commerce. My local post office is to blame for the recent issues with Amazon deliveries not making it to my door. It seems distributing small to medium-sized cardboard boxes with names and addresses printed on the side is beyond the capabilities of An Post.
Amazon.co.uk claims "C Implementations and Interfaces" is out of print, yet Amazon.com is ready to ship it with 24 hour warning.
Going to see Pete Yorn in The Shelter at Vicar Street tonight. Meeting up with Tony and whoever else at Darker Kelly's at 7pm. Oorh, and Billy Bob Thornton (yes, the actor) is playing on April first. Mick, are you on for that? Anyone else?
I had lunch with Tony yesterday. Our trip to Belfast has been postponed as both Phil and Wayne are having heart problems again. They were supposed to join us. Why do people continue to smoke and drink when they end up in the hospital due to serious heart problems?
Uffe's new site looks nifty, but he still insists on using Javascript for navigation. He is otherwise a bright guy.
I got tinydns and dnscache running on oldasdirt last night. Sexy. I have dedicated a page with my other stuff to how special oldasdirt is.
Pete was loud, his microphone sucked and the set was much too short, but the music was great. His CD is called "Music for the Morning After" -- give it a listen if you get the chance.
Dave was around the other day, and his glance sought out my Danish passport which was sitting on a cupboard. He asked some trivial question about it, and I knew what would come next; I let him go ahead. He picked it up and turned to the back of it, not finding my picture. "Oh, the picture is in the front," he said, "How clever."
I nodded, still knowing what would come next and not caring at all. "I will be able to see your date of birth," he said, and continued to read it out loud. The look on his face as he counted the years and realised I was not halfway into my thirties as he believed, but rather being twenty-five years old, was priceless. I will carry it with me for a while. And now you know too. At your convenience, please send me an approximate picture of the current expression on your face.
However, you did not really think that was my only point, did you?
Need I tell you my soul is at least twice the age of my body? I think I need not. That puts me at fifty-something. Whenever I have been reading about death from old age over the last few months, I have, without exception, found myself in a melancholic mood. I find myself thinking of how people will pass away, leaving nothing more than a fading memory. When I think about it too much, I find it terrible. How simple life is. How trivial. How fragile. How pointless. (Is this beginning to sound like depression talking yet?)
Death is an old friend of mine. We first met a few months after I had turned 4 years old. I remember it well. It was an idle Friday evening, and the introduction was sudden and quite rude when I watched my mother suffer a cerebral hemorrhage and subsequently die a few hours later. While this introduction took place early, I think that only recently have I begun to understand fully what it is.
You know me. I still maintain there are people alive today who do not deserve life, and there are certainly good people that deserve better than the trivial fate that death is. It disgusts me when I think of how these good people will share the same fate as all the irrelevant people in the world.
People question the anger, arrogance and intolerance I carry within me. Some even use the label 'insecurity' to describe my actions; I try not to giggle. People wish to know why I, without a second's hesitation, discard everything and anything I find unsatisfactory. I just gave you the answer: life is pointless enough as it is. If something does not immediately come across as being worthwhile, it most likely is not.
Sure, life needs to contain birthday parties, that first kiss, computer games, car repairs, multiple orgasms, taxes and worries over bad hair days. But if your thoughts never drift to ponder, and even question, the point of us being here, I regret to inform you that you do not deserve life.
This was not quite what you expected when I started talking about my passport, was it?
As a followup to yesterday, Uffe says I bitch constantly. I would like to think of it as pointing out issues for a reason, although sometimes I am not quite as elaborate or as nice about it as I could be. I find these two latter points to be true especially when I expected not to have to point out a particular issue. Lower your standards and life just gets better and better.
Today the Spirited One decided I am not worth waiting for. The waiting made her upset and instead of talking to me, she simply left.
And now she changed her mind again. Women are strange creatures!
Uffe has reclassified me on his link page. Two days ago he was not ashamed to admit he knows me. Now he just reads my blog. Very upsetting, especially considering this is not a fucking blog. This is a diary; the word "blog" does not exist.
Uffe is re-designing his site. I wonder if his URIs will change. I also wonder why he insists on all lowercase. Show some respect for the language.
Marc Espie explains how OpenBSD works:
On Sat, Mar 02, 2002 at 09:37:15AM -0700, J. Scott Edwards wrote:
> I'm still a bit confused. So do unofficial ports eventually go into the
> cvs ports tree? Is the whole ports tree unofficial in the sense that you
> stated above? Or are there separate unofficial ports?
>
> I have been planning on making a port of a couple of my small projects
> on Sourceforge just to get a feel for the whole ports process and how
> they work.

Don't worry. Just do good work, and it will be picked up by the OpenBSD project at some time.

We are chronically short-manned. So it may take lots of times for the project to adopt new stuff. Likewise, there is some diversity in the quality of submitted material. If a port needs some profound work to actually fit within the OpenBSD ports tree, someone must take the time to do that work.

And Liam is doing some very useful work in letting us know what's going on.

Don't worry. Just do the work. If it is good, we'll pick it up.
I have nothing in particular on my mind these days, and you know me. I will rather shut up than talk crap. Let me get the following off my chest, however.
I fixed an end-of-month bug in the "latest entry" script. Sloppy. I should have caught this just by reading the code. Apologies to those who got up before me this morning. If a new month does not exist, you will now be redirected to the table of diary entries.
Wednesday I purchased a 75g Bewley's Irish Coffee Truffle bar, which I will be consuming this evening around 6pm. It is my weekly chocolate allowance. I am very much looking forward to it. I let it sit right in front of me on my desk for the purpose of testing my willpower.
I really do not get the big deal about diets.
Earlier this week I emailed a job application and my CV to a Danish insurance company who were looking for security people. A few days later, someone from their Human Resources department contacted me and explained that the attached file was filtered by their mail server due to the risk of viruses. The file in question, alex_holst_cv.html, was my CV in HTML format. You would think the filename would give it away. I was asked to clean my email and resend my application. The HR person had included my original cover letter in his response, and at the end I could see the notice put in by the anti-virus software, explaining that the file had been removed, and that it was available by contacting whatever names if the file was deemed relevant for the person's work.
I kindly explained that I was unable to clean my application as the attached file was my CV in HTML format. I also quoted the notice which replaced my CV and suggested that HR follow the internal procedure to get a copy of my CV as it might be of relevance to their work.
Today I received email saying I will not be considered for the position. Muppets.