Older blog entries for Rasputin (starting at number 15)

I've been thinking about system security and the people who try to break it.

Scenario: I pretense my way into some corporate offices and when nobody is watching photocopy a random selection of documents from an unlocked filing cabinet. There is no intent to sell or otherwise profit from this information. After the fact, when I'm talking to the police about my "break-in", I justify it as intended to highlight the horrible physical security in most corporate offices. The company whose information I acquired asserts the value of the stolen material at several thousand dollars, so I get tried for very serious crimes with a real potential for a long jail term.

I honestly see no significant difference between what I described and the all too common cracking that shows up in the news every now and again. The difference is in the perception. Crackers are (commonly) considered harmless experimenters, doing it for the joy of learning and to show the security flaws in most computer networks. A person doing the more physical version (as described) is clearly recognized as a criminal and few people would believe there was no intent to profit.

I realize I'm barely scratching the surface of a very serious set of questions. I believe, however, that the Advogato group is more likely to have considered some of these things than a similar random sampling of North American society in general. As well, as (future) computer professionals, we're much more likely to have had our lives impacted by these types of activity.

Comments welcome ;)

Traded a bunch of hack time for sleep time over the last couple of days. There's got to be a way to get both but I can't figure it out.

M$ apparently has a division whose only purpose is to screw up industry standards. Apparently (just found out this morning) w2k creates these things called SRV records which it wants to associate with A records for the referenced services that it puts into the zone files and it wants the first character to be an underscore (and we don't know why). If these guys ever actually discover rfc's... The result is zones that a BIND server won't load without the check-names master ignore directive which is annoying at best.

Other than that, work is entertaining ;)

Welcome to the World, Max

We have some visitors at the office this week. Quite new to the job, so they were sent over to us to have their minds twisted in an appropriate manner. I think they'll do okay.

Only a small amount of coding on "the project yet to be named". Still mostly in the design phase. It's a fairly complex architecture (3 levels, no waiting ;) It's growing in odd ways. The client is fairly straight forward as it really only has to draw pretty pictures based on information it receives from the server. The other side of the server, getting stuff from the underlying database, is only moderately more complex as most of these problems have been solved innumerable times in the past and by better minds than mine. The tricky part is the black box in the middle. Of course, the client will eventually become hugely complex as time goes on to allow the pictures to be made useable instead of just pretty ;)

Lunch time ;)

I guess it's been a few days since I added to the diary. Hit a brick wall with the QIC/TRAVAN driver for BSD, seems this would go a lot better if the hardware I was using actually worked. Tough to test this way. I guess I'll have to postpone the "go fast" parts for my car (a VW that still doesn't go fast enough ;) and get a real tape drive.

Started work on an open source data modelling tool. Still needs a name. I worked for a time with a tool called Oorianne (made ERWin look like an etch-a-sketch) and I would really like to reproduce the best parts. Especially the ability to intelligently handle Niam models. I'm getting together with Baba (this guy is an absolute data modelling genius) in a few days (I hope) to go over some of the stuff. The user interface is pretty straight forward, but the underlying data handling is starting to look a little hairy. I definately will need some help with the back end data model (which makes this a recursive project ;) which is where Baba comes in.

I watched a community (not the online variety) begin the painful process of exploding. The Executive Director of a non-profit org I do some work with was fired a couple of months ago. He was making colour copies of some original artwork and selling them in an effort to make money for the centre. This would have worked a lot better if he'd gotten the artist's permission first. I won't comment on the morality of this situation (he was trying to help) but he broke the law and left the centre open for a lawsuit, which is definately not acceptable. His replacement was not well received by the staff and they want the old E.D. back. There was a huge fight with the community being split, restraining orders, the board of directors being fired, etc. I think this community is very close to dying and it makes me absolutely sick that I can't do anything except watch.

At least I can look forward to a quiet day at work today. I might even get some coding done ;)

I can't decide if this should be a diary of my misadventures with code or just a general commentary on my life (then again, the most meaningful commentary on my life frequently includes misadventures with code). I finally unloaded responsibility for the last bits of WinCode I wrote, so I can now get on with recreating these beasties as open source. Although, some of the work I did doesn't really translate out of that world in a meaningful way.

I need more coffee.

Apparently I not only need some coffe, I need to find my certification...;) I've been promoted to observer

Another snowy Sunday. I really suspect I should be living in Barbados. At least until global warming improves things in Ottawa.

Learning is never fun ;) I just learned I need to find somebody who knows more about device drivers in FreeBSD than I do and is willing to answer questions with more than the usual "just look at the source from an existing driver and go from there". Anybody in the Ottawa area that would be willing to help, I'll buy whatever your favorite drink is for an opportunity to pick your mind ;) Otherwise this will probably take substantially longer than I originally thought. Such is life ;)

On with the hacking adventures...

Saturdays are obviously a poor choice (at least in my life) for hacking. Working on device drivers with a hangover is probably not the best idea I've ever had.

Had an interesting get together with Baba (my SQL and standards Guru) and some of the people he works with last night. Terry was there as well (although typically late) and we had an interesting chat about why most developers don't seem to want to understand the concept of meta-data. We also chatted about the impact poorly trained money chasers (MCSE. CCNA, etc) are having on the industry. He was amused by the story about the CCNE that set up a DNS as master for the "." domain then couldn't figure out why it wouldn't forward queries.

I finally got the base Travan driver to compile. For my next trick, watch while I pull a rabbit out of my hat ;) Actually wasn't that hard, it was based mostly on the QIC driver from the 3.x stream. Now I have to sort out the underlying connections so it can actually do something. I want to have it happenning tomorrow, but I think Mon night is probably more reasonable.

My wife picked up a copy of Phantom Menace for me (which covered last night until way too late). I felt almost as excited as I did in 1977 when I first saw episode 4 in the theatre. I can't believe it was that long ago. That movie was a real part of my inspiration in getting into computers in the first place. I even spent some time building industrial robots in the early 80's because of that movie (that was actually not the best choice I ever made ;)

Vote the Meadow Ticket !

Another day, another $0.70(CDN) after taxes.

#ifndef SKIP_RANT

Why is it that when a new printer gets plugged into the network everybody feels obligated to print a test page? One is more than enough, everything else is paper airplanes.


On the subject of printing, there has to be a better way. I will admit to being a big fan of "circles and arrows and a paragraph on the back of each one explaining what each one is to be used as evidence against us.." (with apologies to Arlo Guthrie ;) but it's a major pain cleaning off the monitor...which leaves only the tree-ware.

One of the team here found a new (new to us, apparently it's been around for a while) network tool, called dig. Wanted to know more about it so we checked for a man page in Solaris...no such beastie (although that's what he was running it on). Checked HP-UX and same response. Just because I'm like that, I checked FreeBSD and I found it ;) Mark up one point for the open source docs! ;)

Zero accomplished yesterday. Staring at a monitor with a sinus headache just doesn't do it in my little world. Hopefully I'll get a bunch done tonight after a visit with my 'SQL Guru' at his preferred place for Irish Pints. I'm always amazed at the depth of this man's knowledge about SQL and programming language semantics in general. I keep trying to get him involved in open source (even though he's not a hacker) but he feels that standards are enough of a contribution.

Bill and Opus in 2000

I really feel as though the planet-wide clue-meter shallowed out while I was sleeping. I saw another post in one of the lists I follow (FreeBSD-Hackers, I think) from some would-be journalist asking us to explain why FreeBSD is better than Linux for his article. This question is not only not answerable, it's completely meaningless without a context - FreeBSD is/is not better than Linux in what circumstances, what way... You have to look at specific needs and circumstances and make a decision based on that. Even Win (please don't get your knickers in a knot, I'm still an open source type guy) is better than BSD or Linux in some situations. Specifically, for the average home user with neither the time nor desire (and arguably no ability) to go beyond starting the box, reading email and browsing the web (or playing games) the burden of learning and administration of anything except Win is probably excessive. That will probably change in time ( I suspect the majority of people in Advogato are working to change that ;), but it is the case right now.

I get into work today to find customer questions that I would never have expected to see. How can someone who apparently knows so little about network administration have a position of responsibility over a large corporate network? The only good news about it was that it moves me back to the end of the queue for cases, so having resolved the problem quickly, I can get on with important things (like figuring out how to write a BSD device driver ;)

To make absolutely sure I was paying attention, I actually heard there is some consideration of making bridge a demonstration sport for the 2002 Olympics. Complete with random tests for performance enhancing drugs. I really wish I was clever enough to invent this stuff as a joke ;) How is sitting around playing cards a sport? What kind of drugs could possibly enhance your performance at bridge? Steroids? Valium (or would that just help you sit through it)? Caffeine?

I actually have a big piece of my Travan driver for BSD done. I still have a lot of work and a bunch of implementation type decisions to make before it sees the light of day, but it should be ready for testing outside my boxen in a week or so. If I was young, single and still able to function on 2 hours sleep per night for long stretches I would probably already be done. This is a nice (but accidental, really! ;) segue into...

My thoughts on hackers and relationships. It's impossible to generalize enough to say what type of person is most appropriate for a relationship with a hacker. I've been very happily married for 9 years, and my wife will never get beyond very basic computer use (she's not techno-phobic or anything, it's just not something she wants to do). She has, however, helped me grow spiritually, which I never really would have done on my own. We are complementary to each other and, for us, this works really well. The only draw back is that I've had to reduce my total hacking time to make sure there is room in my life for the relationship, including our children. Add to that the fact that as I've gotten older I need more "down-time" and my productivity as a hacker has definately decreased since I started 15 years ago. I still manage 2 or 3 hours per night during the week, so I'm not a total write-off. I even do an occasional all-nighter during the week-end ;) My point (other than the one between my ears) is that we're individuals and the solutions to these problems have to reflect that. What works for me is not guaranteed to work in all cases ( or any case as far as that goes) and what works for someone else cannot be assumed to work for me.

This reality brought to you by Kafka, illustrations by Dali

Some days it pays to be a pessimist :/ I'm not particularly amused by waking up to see snow in April, but at least I wasn't unpleasantly surprised.

On the subject of the Dimwit cert, I was looking at that as more of an indicator of who gets to wear the pointy hat ;) We all occassionally do Silly Things (TM) and this cert is a good way to highlight them. I suggest, however, that it should be a strictly temporary thing. Maybe expiring after a few days.

My fingers apparently don't want to cooperate right now. I guess the third coffee is needed then off to the book store to see what new bits of nearly useful information are available.

6 older entries...

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!