Categories
geek internet opensource security software

firefox security upgrade

Firefox
A Firefox upgrade, v1.0.1, is now available for download, containing a fix for the previously mentioned spoofing vulnerability. Other security fixes and some changes to make the browser more stable are in there as well, which is sweet (see El Reg for more info).

A bit annoying is the fact you can’t just slap it over your previous installation, but are advised to install in a separate folder. Fortunately all your settings are copied automatically, and plugins like Flash can be reinstalled through the browser’s plugin installer in a few clicks nowadays.

More upgrade goodness with Trillian upgrading to v3.1 today. Yay!
Some new features are added, together with some bugfixes and performance improvements. I haven’t noticed anything in particular yet, but I’ll just take their word for it anyway and feel all warm and tingly because it’s using my computing resources more efficiently now… whoohoo!

Yes, I’m a geek, I know.

Categories
security software

linux myths

Wheeeeeee, I just noticed the recent Register article “Is Linux security a myth” backs up my previous post on security of Open Source Software.
This quote sorta sums it up:

Using Linux is itself no guarantee of “security”. The same is true for all operating systems. Each platform needs to be managed actively. Bugs, viruses and other malicious threats to a system will occur. This is why it is vital that every IT system be supported with excellent management procedures to ensure its long term availability and security. Technology alone is never “secure”.

Categories
freedbacking geek software tips

lagging logs

I was pretty pleased with the new Trillian 3.0 I upgraded to a while ago. It looks nice, and performed well… until recently.

For some reason I noticed some sort of typing lag when chatting, which is extremely annoying, especially if you can type pretty fast like me. You tend to think some keys went missing somehow, so you retype them, and then they appear double, so you start deleting, which lags as well, and then you delete too much…. ghaaaaaaaaa!!! frustration guaranteed! There’s something really annoying about the feeling your machine is slowing you down that makes you want to smack it, uninstall, and try out GAIM oslt.

Yesterday it lagged out on me again, in a bad way. Unusual disk activity, hardly responding to key presses, almost crash-like behavior, and worst of all, looking stupid when you type rubbish into a chat window… But then it stopped as soon as I closed a certain IRC chat window.

Hmmmm, odd…

I figured it out today when I checked the log files Trillian keeps. For some reason it keeps 2 of them for each session. A plain text file, and one in XML format in the IRC\Channel folder. For the IM networks it keeps the XML copy in the \<IM network>\Query folder.
I’m not sure why this is, but I’m guessing maybe the Pro version has a search facility which works with these XML files.

Anyway, when those files get big (like around 16MB in my case), Trillian seems to be getting in trouble appending new messages to them constantly. It would be neat if they would have implemented a way to rotate those log files automatically.
It’s a simple feature which is lacking in a lot of software unfortunately. Programmers should realize that log files, or whatever kind of files their software automatically creates might eventually become too large to be handled properly by the software itself, or the operating system.
Starting a new log file as soon as a given limit is reached (let’s say 10MB) would solve this issue without having to bother the user (yep, me) with it, or in this case, giving the user (which is, again, me) the impression Trillian is slow and laggy.

I renamed the files manually for now, and judging from the first logged entry in the text file, I should be safe for about another year now… :)


Categories
geek microsoft opensource security software windows

not that secure after all

It’s been an interesting week for IT security. Next to the, almost usual, patches Microsoft advises its users to install asap, a nasty domain name spoofing problem emerged in the open source browser Firefox.

Even software like F-Secure that should be protecting your systems from getting infected has been proven to have some serious issues of its own this week, which is at the least quite interesting, and also quite dangerous for anyone using the product right now.

This clearly shows that every piece of software has its vulnerabilities, and the claim that Firefox, Apple, Linux or whatever is safer to use than those evil Microsoft products is at the moment still true, but not because its code is so much safer, but simply because it’s still under the radar of virus writers and phishers.

The future will prove if the Open Source community will be able to patch security holes quicker than their commercial competitors (there’s a patch for the Firefox vulnerability online already), or if their code is really so much more secure and harder to exploit.

I’m guessing Firefox will be the first main target for virus writers and blackhat hackers in the coming year, as it’s gaining more and more popularity among the less tech savvy as we speak, and thus also becoming more interesting and visible on the evil hax0rz radarscreens.

So to keep your computer safe it’s definitely a good idea to keep yourself out of sight by using the not-so-typical tools, which are in most cases just as good, or even better than their commonly used MS counterparts.

Dudley lock by wmacphail

Categories
blog geek software tips

blogger what’s playing hack

That little playlist automation script I talked about earlier was neat, but sort of limited.

I was thinking that it would’ve been neat to also update that script when I listened to some music at work, but since FTP is out of the question in that case, I had to come up with something different.
An HTTP post would’ve worked, but since I didn’t feel like writing some ASP/PHP script somewhere to store the data into a database, I thought of using a second blog to store the playlist instead. I could then change the blog’s template in such a way that it would render JavaScript code instead of HTML code, so I could include it in this blog’s template, and have it print out my most recently played tunes.
Sweet!

So this is what I did.
To get the data in the blog I’ve set it up to use an email address to receive posts on, and automatically publish those. I’m using Blat to email a text file containing the last mp3’s info, which is created by the AMIP “now playing” WinAmp plugin, to the blog’s email address.

I changed the template so it generates JavaScript code to populate a class that stores the data, using the “number of posts” setting to control the number of items written into the script (e.g. 10), which is also the number of items that will be displayed in the result.
This worked fine, besides the fact that blogger inserts a number of custom HTML headers (like the blogger toolbar) into the file, which screwed up the JavaScript include. Fortunately, when you have blogger publish the page using FTP to a different server, this doesn’t happen, so my JavaScript include is now clean, and ready to be used.

W00t!!

It ain’t perfect though, but nothing in life is, isn’t it. I noticed that sometimes blogger seems to have some trouble posting the results automatically from the email interface, especially in the evening, when the US gets active I guess, but few emails seem to really get lost. I get an “XML-RPC Error or Publishing Problem” error message now and then, and I guess zapping through some mp3’s, and thus sending some emails in short sequence of each other, might be simply choking the blog a bit… oh well. I did extend the update delay in AMIP to 40 seconds to prevent zapping around from being noticed, giving me some time to skip that Britney Spears track before it ends up in the log…
At other times there seems to be a delay processing the posts, which means the now playing list can be behind on what’s really playing at the moment, but that’s no biggy either. I’ll just remove the time indication if it starts to annoy me too much.

Here’s some of the code in case you’re interested in the more technical stuff (as if it wasn’t technical enough already, whoehahahaha!!):

The playlist blog’s template:

<Blogger>
playlist.add("", "<$BlogItemBody$>");
</Blogger>

Which results in something like this:

playlist.add("12/11/2004 07:33:31 PM", "bong ra - kinkfmmix");
playlist.add("12/11/2004 02:34:48 PM", "kid606 how we shock it");

This piece of script takes care of handling and writing the playlist. Feel free to rip it.


function Playlist(){
  this.items = new Array();

  this.add = Playlist_add;
  this.last = Playlist_last;
  this.getItem = Playlist_getItem;
}

// Store one entry as [Date, text]; markup is stripped from the text first.
function Playlist_add(date, item){
  var re;
  re = /<\/[^>]*>/g; // remove html end tags (non-greedy: one tag per match)
  item = item.replace(re, "");
  re = /<[^>]*>/g; // remove html start tags
  item = item.replace(re, "");
  this.items[this.items.length] = Array(new Date(date), item);
}

// Most recent entry (the blog lists the newest post first).
function Playlist_last(){
  return this.getItem(0);
  //return this.items[0][1] + " at " + this.items[0][0];
}

// Text of the entry at the given index, or "" if there is none.
function Playlist_getItem(index) {
  var result = "";
  var now = new Date();
  var itemdate;

  if (this.items.length > index) {
    /*
    itemdate = this.items[index][0];
    if (itemdate.getDay() == now.getDay()) {
      result = itemdate.getHours() + ":" + itemdate.getMinutes();
    } else {
      result = itemdate.getDate() + "/" + (itemdate.getMonth()+1) + " " + itemdate.getHours() + ":" + itemdate.getMinutes();
    }
    result = "" + result + "";
    result += " : " + this.items[index][1];
    */
    result += this.items[index][1];
  }
  return result;
}

// Concatenate all entries into one string for output.
function getPlaylistHTML() {
  var ix;
  var s = "";

  for (ix = 0; ix < playlist.items.length; ix++) {
    // The separator markup was lost from the page; <br /> is assumed here.
    s += playlist.getItem(ix) + "<br />";
  }
  return s;
}

function showPlaylist() {
  document.write(getPlaylistHTML());
}

var playlist = new Playlist();

One of the cool things about this thing is that the blog has become a crude database, which can be exported to XML easily, and used for whatever purpose I see fit.
Now I just have to keep RIAA away from it… ;)
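
The script above removes tags with a regular expression before the entries reach document.write, which leaves a lone "<" untouched and can delete legitimate text from a title. As an added example (not the original post's code; escapeHtml, stripTags, renderPlaylist and the sample entries are constructed for illustration), this escapes each entry for HTML output instead and compares the two results:

```javascript
// Added example: escape playlist entries for HTML output rather than
// stripping tags. All names and sample data here are illustrative.

// Characters that are significant in HTML text and quoted attribute values.
var HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;"
};

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, function (ch) {
    return HTML_ESCAPES[ch];
  });
}

// The tag-stripping approach, for comparison: it only removes complete
// <...> pairs, so a lone "<" passes through and real text can be lost.
function stripTags(text) {
  return String(text).replace(/<[^>]*>/g, "");
}

// Build the list markup from [date, title] pairs, escaping every title.
// The only raw markup in the result is the separator added here.
function renderPlaylist(items) {
  var out = [];
  for (var i = 0; i < items.length; i++) {
    out.push(escapeHtml(items[i][1]));
  }
  return out.join("<br />");
}

// Constructed sample entries (not real log data).
var SAMPLE_ITEMS = [
  ["12/11/2004 07:33:31 PM", "<b>bong ra</b> - kinkfmmix"],
  ["12/11/2004 02:34:48 PM", "kid606 <3 how we shock it"],
  ["12/11/2004 01:10:00 PM", "live @ <club> & friends"]
];

function demo() {
  return {
    stripped: SAMPLE_ITEMS.map(function (it) { return stripTags(it[1]); }),
    escaped: renderPlaylist(SAMPLE_ITEMS)
  };
}

console.log(demo());
```

In a page, the string returned by renderPlaylist is what would be handed to document.write in place of getPlaylistHTML's output.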