Recent blog entries for modus

modus_operandi writes (via

Clever malware authors have come up with a way to disguise malicious executable files as innocuous data types by writing the file name backwards.

On May 11, analysts at Norman ASA (an anti-virus software vendor based in Sweden) published details of the exploit in this report: "The RTLO unicode hole — sequence manipulation as an attack vector".

The trick is accomplished by using Unicode control characters such as 0x202E (right-to-left override) and 0x202B (right-to-left embedding) to reverse the direction of the text in the middle of a filename, and may be used to camouflage filename extensions in email attachments and on the web. Additional information can be found here (PDF) and here.

Although the payload is likely to be targeted at users of Microsoft Windows operating systems (which rely on filename extensions to determine whether a binary is executable), the exploit works on any operating system that handles Unicode correctly. That means Linux and UNIX-based operating systems, including Mac OS X, will also be fooled into displaying a deceptive filename.
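A mail filter or upload handler can catch this by looking at the stored character sequence rather than the rendered name. The check below is an added example, not code from the Norman report; the function name, the escaped output format, the bidi characters beyond the two named above, and the sample filename are assumptions made for illustration.

```python
import unicodedata

# Bidirectional formatting characters that change how a name is displayed.
# U+202E and U+202B are the two named in the post; the others are added here
# as an assumption about what a filter would also want to flag.
BIDI_CONTROLS = {
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",  # embeddings, overrides, pop
    "\u2066", "\u2067", "\u2068", "\u2069",            # isolates
    "\u200e", "\u200f",                                # directional marks
}


def inspect_filename(name):
    """Report bidi control characters hidden in a filename.

    'escaped' shows the stored order with each control made visible, and
    'logical_extension' is the extension the operating system acts on,
    whatever order the name is drawn in on screen.
    """
    controls = [
        (index, "U+%04X" % ord(char), unicodedata.name(char))
        for index, char in enumerate(name)
        if char in BIDI_CONTROLS
    ]
    escaped = "".join(
        "<U+%04X>" % ord(char) if char in BIDI_CONTROLS else char
        for char in name
    )
    extension = name.rsplit(".", 1)[-1] if "." in name else ""
    extension = "".join(c for c in extension if c not in BIDI_CONTROLS)
    return {
        "suspicious": bool(controls),
        "controls": controls,
        "escaped": escaped,
        "logical_extension": extension.lower(),
    }


if __name__ == "__main__":
    # Constructed sample: a bidi-aware display draws this as "invoice_exe.pdf".
    for sample in ("invoice_\u202efdp.exe", "report.pdf"):
        print(inspect_filename(sample))
```

Rejecting or renaming any attachment where `suspicious` is true is safer than trying to guess intent, since these characters have almost no legitimate use inside a filename.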

14 May 2011 (updated 14 May 2011 at 08:53 UTC) »

> [1] The controversy over pronunciation of "sudo" is right up there with the "ess-cue-ell" vs. "sequel" wars. (ITYM "squeal." HTH. HAND.)
>     I used to pronounce it "pseudo" but after much reflection I switched to "ess-you-doo", reasoning that the command allows one to DO something after Setting Userid.
>     "Pseudo" means something distinctly different in computer lingo, also -- e.g., a pty is a pseudo-terminal interface, /proc is a pseudo-filesystem, and the rand() function returns a pseudo-random integer.
>     That's why I use "an", rather than "a", when I use the term "an sudoer" -- my enthusiasm for catchy acronym pronunciations is overshadowed by my distaste for overloaded
> -- 
> Modus Operandi
> set|
> Fri Apr 29 17:53:27 EDT 2011
> The Moon is Waning Crescent (10% of Full)

Check out my latest Perlscript, which generates a book layout as a PDF from a plain text file. The stories are written by elementary school students, and my job is to split the narrative into pages, one per student, with large frames for the kids to draw illustrations. The script automatically resizes the frame to allow for text and leading, and it automatically increments the page number in the lower right-hand corner.

Currently, the source code is on my Woozle homepage and an example PDF is available here. You'll need Adobe Acrobat or some other PDF viewer.

The first page is just a big empty frame because the title page is 100% illustration. But don't stop there ... turn the page for the rest of the story!

Famous for Five Minutes Department:

Seth David Schoen of the Electronic Frontier Foundation has quoted me in his web journal at The quote in question is way down at the bottom of the page. It's a silly pun I posted to the Crackmonkey list, only amusing to those who are familiar with Emad el-Haraty and Eben Moglen.

What do you know, I'm an Apprentice.

I haven't looked at my Advogato account in a really long while.
Maybe I'm ready to start posting here again.

Ruggedizing a Cafe Box

  1. Remember to keep the BIOS password-protected, and not have any removable media (A:, CDROM) in the boot-path.

  2. Make as much as possible mountable read-only. This should be doable with /usr with little or no modification. It could almost be done with root, except things need to mount on it. The best way to do this is with NIS / NFS, so that a cluster of diskless computers shares network access to a remote filesystem.

  3. For a standalone machine, there's a way to do this by making all the partitions except for /var read-only, then disabling a lot of things that need to write to the disk and symlinking everything essential to the /var partition.

  4. Create a restricted ~cafe account. Configure your *DM (XDM, KDM, GDM, whatever) for autologin to ~cafe. For the public login, make as much read-only as possible. One way to do this is chmod -R a-w ~cafe, and then see what breaks.

  5. Enable quotas. This will prevent .netscape/cache from eating anything but the ~cafe dir.

  6. Pick up a journaling FS when convenient.
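Steps 3 and 4 are easy to get wrong silently, so it helps to audit the result instead of waiting to "see what breaks". The script below is an added example, not part of the original setup; the function names, the list of pseudo-filesystems to skip, and the sample mount table are assumptions made for illustration.

```python
import os
import stat

# Step 3 leaves only /var read-write on a standalone machine.
WRITABLE_OK = {"/var"}
# Kernel pseudo-filesystems are not disk partitions and are skipped (assumption).
PSEUDO_FS = {"proc", "sysfs", "devpts", "tmpfs", "devtmpfs"}


def writable_mounts(mounts_text):
    """Return mount points that are read-write but should be read-only.

    mounts_text uses the /proc/mounts layout:
    device mountpoint fstype options dump pass
    """
    bad = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[2] in PSEUDO_FS:
            continue
        mountpoint, options = fields[1], fields[3].split(",")
        if "rw" in options and mountpoint not in WRITABLE_OK:
            bad.append(mountpoint)
    return bad


def writable_paths(home):
    """Return paths under home that still carry a write bit (what chmod -R a-w clears)."""
    found = []
    for root, _dirs, files in os.walk(home):
        for path in [root] + [os.path.join(root, name) for name in files]:
            mode = os.lstat(path).st_mode
            if not stat.S_ISLNK(mode) and mode & 0o222:
                found.append(path)
    return sorted(found)


# Constructed sample mount table: /usr was left read-write by mistake.
SAMPLE_MOUNTS = """\
/dev/hda1 / ext2 ro 0 0
/dev/hda2 /usr ext2 rw 0 0
/dev/hda3 /var ext2 rw 0 0
proc /proc proc rw 0 0
"""

if __name__ == "__main__":
    print("read-write mounts to fix:", writable_mounts(SAMPLE_MOUNTS))
    print("writable paths in home:", writable_paths(os.path.expanduser("~")))
```

On the real machine, pass the contents of /proc/mounts to `writable_mounts` and the ~cafe directory to `writable_paths`.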

Jamie Zawinski used diskless terminals and NIS/NFS in his nightclub for a setup so bombproof, you could even UNPLUG 'EM without halting the system and they don't have to fsck, since they get all their important files over the network.

gtk-shell mozilla-splash


/usr/local/bin/gtk-shell --label "Mozilla is loading, just wait a minute..." --button "OK" &

It's not perfect, I'll concede that. There's still no flashy graphic of a marauding lizard. But it serves its purpose: to occupy the user's attention for 45 seconds while Mozilla loads. Their instinct will be to move the mouse and click on the "OK" button, just to send the window away.

Even though the button serves no other purpose than to close the window, it fills a very important role in the psychology of the GUI environment: it gives an impatient Microserf something to look at while the program loads.

I've polled enough of the Cafe computer users here to know that they share the misapprehension that apps launch slower on Linux. This is untrue, as anyone with a stopwatch recording launch times for Windows and Mac apps can attest. The only difference is that many Linux apps are totally lacking in application feedback, making the perceived load time much longer.

The gtk-shell splash scripts (for Netscape, Galeon and Mozilla) on the AS220 Cafe Freebox will serve the purpose for now. Maybe I'll even learn how to code a meaningless "thermometer" display (you know, like rpm -ivh only slicker) and include a rampaging Giant lizard logo.

But it would be even nicer if the mozilla -splash flag worked in the next release. Even though it may seem like window dressing, it should actually be a priority.

1 Mar 2001 (updated 1 Mar 2001 at 19:21 UTC) »

Chris Blizzard wrote:

Hrm. Well, I'm not against having a splash screen for mozilla but it was voted down pretty hard by the community. Plus, it added some nasty dependencies in the wrong places.

As for a SIGTERM in the launcher script I think that's a bad idea. We need to fix it the right way with lock files and timeouts. Some of that means we need to change things in mozilla but that's OK IMHO. It's not more than a few days work but it's still pretty low on my list of things to do.

Well, I've been thinking pretty hard about this, and I'm surprised that the "mozilla -splash" flag was "voted down ... by the community." It makes me wonder whether the "community" that Chris is referring to here has had much experience with public, shared terminals and donated hardware. It seems like most Mozilla developers probably have their own computers which would blow away the dual-P166, 64MB SDRAM Cafe Freebox -- and they don't have to worry about the 45-second delay that the Cafe User experiences while waiting for Netscape or Mozilla to load.

I think it's also generally true that Linux power users who actually know what's happening when they click on a button are more inclined to wait a minute than the Windoze-trained, point-and-drool crowd, who expect instant feedback from their GUI. Unfortunately, 90% of the folks who use my GNOME install are the impatient sort.

In the context of the Cafe, a tcl / wish wrapper that threw a little logo on the screen would be an easy enough hack. But it would be nice if I had access to a bigger lizard logo than just the GNOME panel icon. I should ask Mozilla logo designer Shepard Fairey whether he'd like to design a new logo for Mozilla's splash screen. Then again, I'm not exactly authorized to spend Mozilla's money hiring graphic designers just because they happen to be bold, iconoclastic young mavericks. :^D

Of course, Chris is also correct when he points out that the SIGTERM is no solution to a problem which should really be solved by lock files and timeouts. Hmm, the "led" script I use to lock and edit dist files for lists does that very thing, and I've already seen the source code for that. Maybe that's what I ought to base my wrapper scripts on.

wtf utsl
UTSL: use the source, luke

1 Mar 2001 (updated 1 Mar 2001 at 09:47 UTC) »
Evolution Of A Linux User by James S. Baughn


James S. Baughn
Humorix: Linux and Open Source(nontm) on a lighter note
Web site:

Blizzard Cares About Mozilla User Feedback!

Even though I committed a major faux pas by mass-mailing all the Mozilla developers instead of checking their online help or lurking in the shadows of some listserv or irc #mozilla channel, Christopher Blizzard was open enough to actually take the time to thoughtfully respond to my query. This man deeply cares about Mozilla, it is obvious, or else he wouldn't have bothered to respond so personally to one of the myriad tiny cyber-gnats buzzing around his personal zillasphere.

I already moderated him as Master, so now I wish there was a higher compliment I could pay him.
