I am no longer able to sleep next to the Spirited One; it has been like this for a while now. The bed is too soft, which means when one of us as much as blinks, the other person feels the mattress quake. For now, we have grown into the habit of me staying up all night and sleeping while she is at work (approx. between 7.30am and 2pm). How does that sound?
In the dark hours I found a place that sells acceptable 1U (and 4U) machines at one quarter of the price I paid for my PowerEdge. Granted, those machines come with IDE drives as opposed to UltraWide SCSI, less warranty, and less spiffy network cards, but they still might do the job in most situations.
I have also been looking at mad HP network switches and cheap diskless workstations.
Red Dragon starts showing in Danish cinemas on 25 October. Ask me if I am going. Go on. Ask me. I dare ya.
Those of you who recall The Crow, might like crowfans.com.
Theo wants to fork OpenSSL due to license problems. I have dared him to name it ipf. I was bored.
Uffe is dropping his blog application (which does not use XML after all), so no point in wasting more energy on the matter.
So, do you happen to have a diff for PostgreSQL that makes it use getpeereid() for authenticating local connections instead of insisting on using loopbacked TCP connections and ident for authentication?
If you do, please mail it to me. I need it for a project I have to get done in the near future.
I have been playing Battlefield 1942 for the past 3 or 4 days. It is about twice as addictive as Operation Flashpoint. Very dangerous.
Took a look at Uffe's diary again and could not believe my eyes. I had assumed he was a somewhat competent programmer. He developed and maintains a type of diary update service and because a user changed some XML in one of the diaries monitored by this service, the blog application became unstable. Uffe complained that users were stupid and unable to follow simple guidelines. This is indeed true, but the basic problem is something else. I sent him email offering that perhaps his application should do input validation and handle errors correctly. I will keep you posted on his reaction.
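To make the input-validation point concrete, here is an added example (my own, not Uffe's code) of how a diary update service can poll user-supplied XML without one broken file taking the whole service down. The diary format (`<diary><entry date="YYYY-MM-DD">…</entry></diary>`) and the sample documents are constructed for the example.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

# Constructed sample diaries as the update service would fetch them.
# Hypothetical format: <diary><entry date="YYYY-MM-DD">text</entry>...</diary>
DIARIES = {
    "alice": "<diary><entry date='2002-10-01'>Fixed the bug.</entry>"
             "<entry date='2002-10-02'>Went home.</entry></diary>",
    # A user edited the XML by hand and left a tag unclosed.
    "bob": "<diary><entry date='2002-10-01'>Oops<entry></diary>",
    # Well-formed XML, but one date does not follow the agreed format.
    "carol": "<diary><entry date='yesterday'>Hmm.</entry>"
             "<entry date='2002-10-03'>Ok.</entry></diary>",
}

MAX_BYTES = 64 * 1024  # refuse absurdly large documents before parsing


def parse_diary(xml_text):
    """Return (entries, errors) for one diary; never raises on bad input."""
    if len(xml_text.encode("utf-8")) > MAX_BYTES:
        return [], ["document too large"]
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # Malformed XML is reported, not propagated up to the poller.
        return [], ["malformed XML: %s" % exc]
    if root.tag != "diary":
        return [], ["unexpected root element <%s>" % root.tag]
    entries, errors = [], []
    for el in root.findall("entry"):
        date = el.get("date", "")
        try:
            when = datetime.strptime(date, "%Y-%m-%d").date()
        except ValueError:
            # Skip the bad entry but keep the rest of the diary.
            errors.append("bad date %r" % date)
            continue
        entries.append((when, (el.text or "").strip()))
    return entries, errors


def poll_all(diaries):
    """Process every diary; one user's broken file only affects that user."""
    report = {}
    for user, xml_text in diaries.items():
        entries, errors = parse_diary(xml_text)
        report[user] = {"updates": len(entries), "errors": errors}
    return report
```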
Recently I have become very accustomed to programmers not seeing the benefit of things like source control or security fixes in their code. I do not know why I bother sometimes.
I have observed a depressing tendency in employers over the last few months. Well below 50% of the companies I have applied for jobs with never bothered to confirm receipt of my application. In the last two weeks I have applied for 4 different jobs and only one place has yet sent back a brief "We got your application, thanks; we'll get back to you shortly" note.
I am halfway through "Solid Software" by now. It quotes two instances where improving software development processes led to significant cost-savings and software quality. One study quoted $7.4 return on every $1 invested in improvement. Of course the trick is to determine the correct areas to spend the money, and know when to stop spending money.
HTTP-based worms like Nimda and Code Red mean there is no need for attackers to start scanning large networks in search of machines they can use as jump points. They simply set up their own HTTP server, and when they see connection attempts from infected machines, they connect back to those machines and use them to hide their tracks.
Did a bit of work on snakeoil.dk. There is still a backlog of products that need review and there are a number of issues I want to post commentary on. I cannot be everywhere at once.
If one XOR is good TWICE IS BETTER! -- mudge.
Borrowed a wireless NIC today. We will see what we can see around town. I wonder if there is much of a future in blackmailing well-known companies by threatening to tell the entire world how to abuse their shitty wireless networks.
I could always plead insanity: "Your honor, nobody in their right mind would offer WLAN configuration advice by demanding 200K delivered to the guy with the attitude problem sitting on the bench across the street."
There is something wrong with my usenet reader; it does not show new posts to comp.risks so I had to visit risks.org to catch the latest issues. Companies get away with stupid shit, and people who are trying to do good by exposing frauds or vulnerabilities are incarcerated for 2-5 years. The world is really fucked up. How the hell do you mitigate that risk?
I still need a 2.5" IDE drive donation. Anyone?
The money I was supposed to have lived off for the next 6 months will not be made available to me. It was money I paid into my pension fund when I worked at IBM Ireland. Unfortunately, when you take part in their pension scheme for more than 2 years you cannot claim a refund. I was told by Mercer, the handling company, just a few weeks ago that the limit was 3 years, so I had nothing to worry about. My only option is to transfer the fund to a different pension scheme, but I need an employer for that, and the money would still only be made available to me at my retirement.
So, I have no money. Dave, the stoned test bunny, suggested I started slutting myself around to whoever was willing to pay any amount for my (security?) services.
Fortunately, the Danish welfare system is not entirely crap. I will receive enough money to eat, but only in exchange for doing garden or street maintenance for 3 months. Instead they should send me on a tour of the public schools in the area, all of which have various problems with their computer systems. They would get cheap IT expertise and I would get to do something remotely related to my field. Schools in Aalborg would end up with the most reliable systems a public school has ever seen.
This is great. Just great:
BRIAN Valentine says he's not proud.
The senior vice president in charge of Microsoft's Windows development team has reason not to be. One of his most notable works, the Windows 2000 operating system, has a security record that is nothing to boast about. In fact, it's downright dismal, many experts say.
[..]
"I'm not proud," Valentine said, as he spoke to a crowd of developers here at the company's Windows .Net Server developer conference. "We really haven't done everything we could to protect our customers ... Our products just aren't engineered for security."
I hate repeating myself but here goes: these are the people who want us to run their software and nothing else. No alternatives.
In other news, that consultancy company, Devoteam fixed the bug on their website this morning, and are not interested in my services. Go see if you can find one!
Called the consultancy company to enquire how they wanted to proceed with their buggy website and my job application. I was assured both were being dealt with. Earlier I forwarded my original email to a generic email address on their site, hinting that they could really use my help. The problem has still not been fixed. People are willingly giving their money to these people in exchange for various information security services. I should just publish my findings and let the wonders of public pressure deal with it.
Found an almost identical input validation problem on insecurity.dk, of all places. Mailed the admin a hint.
Someone does not like my former employer, going as far as launching a website (eircomtribunal.com) to debunk their PR. My former employer is accused of being run by incompetent people! Can you imagine?
The Register carries a story about the site.
The Dominion saw an unusually high number of visitors from my former employer yesterday and today. Cause as of yet undetermined. Perhaps the occurrence of the word "arrested" in yesterday's entry had something to do with it. The consultancy company from yesterday has not contacted me, and the vulnerability is still present on their website.
Got lots of presents, including mints in a box shaped like the head of Papa Smurf. She says Papa Smurf reminds her of me. Also got a shirt which apparently makes me look delicious. She took me to the finest Italian restaurant in town.
Lately I have been toying with an idea on eliminating virus and worm (any malicious attachment, really) threats in corporate environments without the need for lame anti-virus software that needs constant updating. I may not be a programmer, but I have got a shitload of coding to get done in the near future. Bugger.
Cruel quote of the day:
"If a kid asks where rain comes from, I think a cute thing to tell him is 'God is crying.' And if he asks why God is crying, another cute thing to tell him is 'probably because of something you did.'"
Oh, a while ago I was invited to help with net-faq.dk which is the FAQ for the Danish Usenet networking forum. I accepted. More contributions planned. I got some other shit to do first though.
It be mah birthday tomorrow. Send nice presents!
She gave me a DVD copy of Wonder Boys as a kind of pre-birthday present (I guess) and I watched it yesterday. Excellent movie, just like the last time I saw it.
Went to see Minority Report. Decent entertainment for 147 minutes.
I mailed my CV to a consultancy company a few days ago and they responded with a standard "we'll get back to you". I was bored on Saturday night so I took another look at their website and found a serious security problem with one of their search functions. I mailed the HR person with the information and advised that she forward my email to the security officer. If I go quiet, they decided to have me arrested rather than acquire my services.