Chandan chandanlog(3C)
or sayings of an hearer
or A Blog of a Security Engineer
or The Official Online Journal of Chief Executive Prankster, Sun Microsystems Inc.,

27 Nov 2007 Bank Robbery
8:30 pm at a deserted Bank of America ATM: as I drove into the parking lot, what I saw made my hair stand up. An old windowless car was the only one in the parking lot. Two people were hurriedly dragging sacks of something into that car. That made it look like a textbook bank robbery, except they weren't wearing any masks, nor holding guns up in the air. Looking at the volume of the bags, it looked like they would have emptied millions of dollars. Our robbers then accelerated past me, innocently smiling at me. They looked like senior citizens burgling banks for fun!

I got out of the car and went towards the ATM, and there was no sign of breakage or forced entry; all lights were on inside the bank and the scene looked perfectly normal.

What our thieves looted wasn't the bank but the trash container!! It was completely empty, as if the trash had been cleaned out.
Either they were from a garbage pickup company which used cars instead of garbage trucks, or they were identity thieves trying to piece together account details from ATM receipts, or merely garbage thieves hoping to make money at the recycling unit. One thing is for sure: I'll go get a good paper shredder tomorrow!


06 Jul 2006 Installing err Recovering Windows XP

The factory Ferrari 4000 came with two partitions: one of about 3G of unknown junk and another of about 40G with Windows XP installed. One of the few things I did on my Ferrari 4000 was to blow away its Windows partition and reuse its space by attaching it to a ZFS pool. Adding or removing partitions to a file system is not only possible, but also easy with ZFS - the last word in filesystems!

Everything was fine, until I had to fill in a form on a US Government site, which had a page with a big button titled "Continue" and above it these words written in red, font size X-Large: "CLICK THE CONTINUE BUTTON ONLY ONCE. DO NOT CLICK IT AGAIN AFTER YOU CLICK ONCE. PLEASE WAIT FOR THE NEXT PAGE WHICH MAY TAKE SOME TIME TO LOAD.." I faithfully clicked the button once, the mouse pointer showed a busy signal and the page was waiting to load ... 1 min ... 2 min ... 15 min ... it was still waiting! I have no idea what would happen if I clicked it again. Well, after some investigation, it seemed that the brainless site used either ActiveX or some other critically insecure technology (or no-tech-logy) that refused to work on Firefox, not even on the latest Opera 9 (it is available for Solaris x86 right on their download page!)

At any cost I had to submit a form in the national interest of the United States, and thus had no option but to re-install Windows. I hadn't thrown away the recovery CDs because, like everything else that came with the laptop, they happen to be company property. I backed up all data on the Solaris partitions just in case the Windows recovery program happened to erase them. I inserted the recovery CD and rebooted. It started restoring Windows. It took about 45 minutes, changing three CDs in the process, before it said "Recovery complete". (Ah, Solaris install from a single DVD is so painless and faster.)

I rebooted and was delighted to see that GRUB was still there and showed an option to boot Windows. On booting Windows, it said "Preparing to start windows for the first time.." ... BEEP ... A black screen and a small dialog "Setup was not complete", with a single 'OK' button. I clicked the OK button and it rebooted. Maybe I had inserted the CDs in the wrong order when it asked for disk 1 of 2... maybe it rebooted before installing everything ...

So I restarted the recovery process all over again. After another 45 min to 1 hour of listening to the recovery CDs whirl inside the drive, I encountered the same dreaded black screen with a short dialog box that said "Setup was not complete".

Third attempt; meanwhile a few friends knocked on the door, and to give them directions to somewhere, I had to reboot into Solaris to use Google Maps.

Fourth attempt, 45 mins.. big black screen with a small dialog box that is laughing at me: "Ha Ha Ho.. Set up is not complete. Hu Hu Ha Ha". Here I am sacrificing the comfort of the Firefox browser on the Solaris desktop environment, in the interest of the safety and security of the people of this country, to submit an online form of utmost national importance to the United States, more critical than the war in Iraq or the rhetoric in Iran; and this silly small evil dialog shows up from nowhere and throws up a meaningless OK button like a North Korean missile ... and laughs at me.

Not accepting defeat, I tried a fifth time. Just as North Korean missiles do not carry the name or brand which supplied the underlying technology, nowhere in the recovery program can you see the brand name of Microsoft. While searching for the brand name, I saw the vital clue, which was the main reason for the failure to set up even when the recovery program hailed it a success: this whole brainless recovery thingy was going onto the factory default 3G partition, too small to fit the recovery bits.

Then I picked up a Linux rescue CD that had the QtParted tool, and deleted the 3Gig partition and the old Windows 40Gig partition to create a new 20G FAT32 partition for the recovery tool to reinstate Windows XP into. It went fine this time, and when I saw the chiming XP animation, I knew victory wasn't near yet.

The most crucial part now is to get the latest updates from Microsoft headquarters, quickly, before the vanilla system gets infected with numerous worms launching deadly packets targeted at my Windows RPC ports. I quickly navigated to Start -> Control Panel -> Security -> Check for Windows Updates.. It connects to headquarters, and the very first message from there is "Please try our Windows Genuine Advantage tool!" That is like a silly peppermint jingle advertisement to a soldier in distress needing critical supplies. It took two reboots and about 60 minutes to completely reinforce the system with the latest updates. Much more time to upgrade than it took to set up.

Finally, bruised and hungry, when I clicked on that button which had the large red text above saying 'CLICK ONLY ONCE' I felt victorious!

Well, while not all software is perfect,
Imperfect software sold at hefty prices is cheating,
Charging for imperfect software bundled with a laptop is extortion,
Asking money for its security updates is blackmail,
It is also a greater threat to world peace and security than North Korean missiles.




01 Jul 2006 Sun on FIRST Steering Committee/Board of Directors
In the Annual General Meeting of FIRST.org (held last week), where elections are held for half the members of its Steering Committee for a two-year term, Derrick Scholl of Sun was elected as a member of the Steering Committee and Board of Directors. Congratulations to Derrick! I see it as recognition of Sun being an important and responsible member of the worldwide security community.


19 Jun 2006 Week to go for FIRST 2006 Baltimore
The largest annual gathering of computer security folks (FIRST) who keep the world's computing infrastructure safe (aka white hats) is happening in Baltimore in a week's time.

Sun is one of the Supporting Sponsors of FIRST 2006. If you are a security geek fighting the dark and evil forces of the underground, you wouldn't want to miss attending this. Registrations are still open.


16 May 2006 At JavaONE
I stopped by JavaONE at Moscone Center this evening; it was quite crowded. The Java Pavilion was bustling with companies and groups showcasing some of the amazing stuff done with Java. John and team won a Duke's Choice award for a model railroad. There was a Java GUI app that reflected the state of the track. You could change tracks by clicking on the track in the GUI. My mischievous mind changed tracks when the train was halfway through a junction, causing the train to get stuck in the middle!

Another really cool stall was the Looking Glass 3D desktop operated by hand gestures (just like in the movie Minority Report). You could wave away a window or maximize it by pulling it towards you. (See the new videos from CeBIT on the lg3d site.)


08 May 2006 Security Sun Alert Feed
Sun publishes Sun Alerts to warn users about product issues. A Security Sun Alert is published for every security vulnerability found in supported Sun products.

You can subscribe to a weekly summary email of all Sun Alerts. Hoping that an RSS feed is one way to propagate the news on the net, I wrote a small web-scraping script that looks at the SunSolve Sun Alerts page on an hourly basis, and posts a summary of all recently published or updated Security Sun Alerts to the Sun security blog (http://blogs.sun.com/security)

Apart from Sun Alerts you may also find notes about product security issues (like the AMD64 FPU issue, to which Linux and BSD were vulnerable, but not Solaris!)

See also alertpool, which aggregates security alerts from major vendors and sites.


25 Mar 2006 Parsing Sun Alerts
If you want to parse a Sun Alert to get metadata like its synopsis, product, state etc., here is something more than plain old regular expressions: an XSLT transform that reads a Sun Alert HTML file and prints just the metadata in plain text format.

Use xsltproc(1) to process the Sun Alert this way:
$ /opt/csw/bin/xsltproc --html saplain.xsl 'http://sunsolve.sun.com/search/document.do?assetkey=1-26-102262-1' 2>/dev/null
Sun Alert ID: 102262
Synopsis: Security Vulnerability in sendmail(1M) Versions Prior to 8.13.6
Category: Security
Product: Solaris 9 Operating System, Solaris 10 Operating System, Solaris 8 Operating System
BugIDs: 6397275
Avoidance: Workaround
State: Workaround
Date Released: 22-Mar-2006
Date Closed:
Date Modified: 24-Mar-2006

The intent is to channel this metadata to an RSS feed, so those who prefer an RSS feed for Sun Alerts can get them that way. Watch this space for more to come.
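The two posts above (the hourly scraper that reposts Security Sun Alerts, and the saplain.xsl transform that prints the metadata) amount to one pipeline: pull label/value metadata out of a Sun Alert page, print it in the plain-text shape shown above, and turn it into feed items. The following Python is an added example of that pipeline written for this page; it is not the blog's XSLT nor Sun's code. Its HTML layout (a two-column metadata table) and the sample page are constructed for the example and are an assumption about, not a copy of, the real SunSolve markup; the `assetkey=1-26-<id>-1` link shape is taken from the command shown above.

```python
"""Added example: Sun Alert metadata -> plain text and RSS 2.0 items.

Uses only the standard library. The metadata table layout below is a
constructed assumption, not the real SunSolve page structure.
"""
from html.parser import HTMLParser
import xml.etree.ElementTree as ET

# Same fields, same order, as the saplain.xsl output on the page.
FIELDS = ["Sun Alert ID", "Synopsis", "Category", "Product", "BugIDs",
          "Avoidance", "State", "Date Released", "Date Closed", "Date Modified"]

# Constructed sample page (values copied from the example output above).
SAMPLE_HTML = """
<html><body><h1>Sun Alert</h1>
<table class="metadata">
<tr><td>Sun Alert ID</td><td>102262</td></tr>
<tr><td>Synopsis</td><td>Security Vulnerability in sendmail(1M) Versions Prior to 8.13.6</td></tr>
<tr><td>Category</td><td>Security</td></tr>
<tr><td>Product</td><td>Solaris 9 Operating System, Solaris 10 Operating System, Solaris 8 Operating System</td></tr>
<tr><td>BugIDs</td><td>6397275</td></tr>
<tr><td>Avoidance</td><td>Workaround</td></tr>
<tr><td>State</td><td>Workaround</td></tr>
<tr><td>Date Released</td><td>22-Mar-2006</td></tr>
<tr><td>Date Closed</td><td></td></tr>
<tr><td>Date Modified</td><td>24-Mar-2006</td></tr>
</table></body></html>
"""


class MetadataTableParser(HTMLParser):
    """Collects (label, value) pairs from <tr><td>label</td><td>value</td></tr> rows."""

    def __init__(self):
        super().__init__()          # convert_charrefs=True: entities decoded for us
        self.in_cell = False
        self.cells = []             # text of the cells in the current row
        self.rows = []

    def handle_starttag(self, tag, attrs):
        if tag == "tr":
            self.cells = []
        elif tag == "td":
            self.in_cell = True
            self.cells.append("")

    def handle_data(self, data):
        if self.in_cell:            # data may arrive in several chunks; append
            self.cells[-1] += data

    def handle_endtag(self, tag):
        if tag == "td":
            self.in_cell = False
        elif tag == "tr" and len(self.cells) >= 2:
            self.rows.append((self.cells[0].strip(), self.cells[1].strip()))


def parse_sun_alert(page: str) -> dict:
    """Return the known metadata fields of one Sun Alert page, in FIELDS order."""
    parser = MetadataTableParser()
    parser.feed(page)
    found = dict(parser.rows)
    # Unknown labels are dropped; missing fields become "" (like "Date Closed:" above).
    return {f: found.get(f, "") for f in FIELDS}


def to_plain_text(meta: dict) -> str:
    """Render the metadata exactly like the xsltproc output shown on the page."""
    return "\n".join(f"{k}: {v}".rstrip() for k, v in meta.items())


def to_rss_item(meta: dict, link: str) -> ET.Element:
    item = ET.Element("item")
    ET.SubElement(item, "title").text = f"Sun Alert {meta['Sun Alert ID']}: {meta['Synopsis']}"
    ET.SubElement(item, "link").text = link
    # Include the modification date in the guid so an *updated* alert shows up
    # as a new item, matching "recently published or updated" in the feed post.
    ET.SubElement(item, "guid").text = f"{link}#{meta['Date Modified']}"
    ET.SubElement(item, "description").text = to_plain_text(meta)
    return item


def build_feed(pages, base_url: str) -> str:
    """Build an RSS 2.0 document containing only Category == Security alerts."""
    rss = ET.Element("rss", version="2.0")
    channel = ET.SubElement(rss, "channel")
    ET.SubElement(channel, "title").text = "Security Sun Alerts"
    for page in pages:
        meta = parse_sun_alert(page)
        if meta["Category"] != "Security":
            continue
        channel.append(to_rss_item(meta, f"{base_url}{meta['Sun Alert ID']}-1"))
    return ET.tostring(rss, encoding="unicode")


if __name__ == "__main__":
    print(to_plain_text(parse_sun_alert(SAMPLE_HTML)))
    print(build_feed([SAMPLE_HTML], "http://sunsolve.sun.com/search/document.do?assetkey=1-26-"))
```

Fetching the pages (urllib on a timer, or a cron job every hour) is left out so the block runs offline; `build_feed` takes already-downloaded HTML strings. The guid-with-date choice matters for a feed like this: if the guid were the bare link, readers would never see a re-issued alert whose workaround or patch list changed.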



Copyright (cc) 2004-2006 by Chandan, chandanlog(3C)