Recently in Computers and Technology Category

I'm a bit late to the game with this, I know, but I actually used Macfusion today for the first time since upgrading to 10.6 and was nonplussed to find that it wasn't even *trying* to connect.

This post explains how to fix things, with the exception of stipulating that you need to kill the agent as well. It will look something like this in a process listing (ps -xw):

/Applications/Macfusion.app/Contents/Resources/macfusionAgent.app/Contents/MacOS/macfusionAgent -psn_0_6

I just kill -9'd that sucker, although more gentle ways of killing it might have worked. Either way, it was insufficient for me to merely exit Macfusion.

At work I have a netbook running Ubuntu Netbook 9.04. At one point I changed my login password, and then wanted to set up our test WPA2 network on it. It prompted me for my keyring password, which was very frustrating since I apparently didn't know that.

If you change your login password on (at least) Netbook Remix edition, it won't change your keyring password:
see heah for screenshots etc.

GJ Ubuntu.

Developuction: when a service or host intended for development gets pressed into production. Usually this is done in a reaction to some external event, and nearly always results in fail somewhere down the road. If sysadmins are lucky, it just means the service collapses under a load it wasn't designed to handle. If they're not lucky, it means that somebody took a shortcut that compromised security somewhere, and the box gets well and thoroughly pwned. This is nearly always the fault of the sysadmin and not the developer who wrote the code, or the manager who caused the service to be pressed into production.

Developuction is a fact of life for many system administrators, and points to one or more serious issues in their shops. For instance, they could lack professionalism. This is generally ignorance, which is sometimes willful. They could be not granted any authority over technical decisions, in which case management needs to understand why it is that professionals are hired. But ultimately, it's a sign that short-term answers are favoured over sustainable long-term stability. Sometimes shops get lucky with developuction, and later they run into trouble when this luck is confused with competence.

We've all done developuction at some point or another. Sometimes it really is the best way to solve a problem. The key is understanding when it's acceptable, and being able to properly analyze the risks involved. It helps if you've not treated the development machines as a place where processes don't matter because "it's just a dev box."

Actual conversation I just had with a new Windows XP box:

XP: O HAI U R NOT UPDATIN

me: yeah, I'd like to go upd-

XP: OH HAI U R NOT UPDATIN AND U HAZ NO AV

me: yeah, I was about to -

XP: O HAI, WOULD YOU LIKE ME TO UPDATE?

me: ok, so go upd-

XP: O HAI WOULD YOU LAIK A TOUR?

Dealing with Windows is just like dealing with an ADHD child who also has HIV and you have the cure except you can't inject it into the kid because it's whirling around in a circle showing you the new dance it just made up.

And then when you've just about caught it, some dude in a black hat walks in and shoots your ADHD HIV+ kid in the head and the kid turns into a zombie and tears your throat out just before turning all your other kids into zombies too.

Life with Windows: like life with zombies, only infinitely more exciting.

I was listening to Patrick Gray's Risky Business podcast last week, and I was struck by a statement he made, so I scribbled the following in my notebook:

As security professionals, we're used to technical incompetence and wilful ignorance, yet we say "Spam must work, otherwise spammers wouldn't keep doing it." That is, we believe that they must be making money off their spam offerings, else they wouldn't continue filling our inboxes with offers of Canadian drugs and methods to make our various body parts so large our partners would reasonably be frightened seeing us naked. In a world of botched marketing campaigns and incompetent management and co-workers, why do we assume that spammers necessarily have better business sense than people who fall for Ponzi schemes, or give low-percentage mortgages on homes people could never realistically afford?

In short, why do we assume that spammers are perfectly competent, when ample evidence surrounds us that "normal" business people can be somewhat less than such? Do we know enough about those sending spam to know that their business model actually works, or are there a certain number of spammers pumping good money after bad in trying to reach people who will buy product sight unseen online?

This isn't an attack on Patrick, who has an excellent podcast. It's not just him saying this, and I've been... guilty? of doing the same thing. But why this assumption?

Normally pogowasright ("privacy news from around the world") leave out the editorial comments, but this one had me fairly angry:

Let's see: the headmistress plugs her laptop containing the photos into the school's network and the boys are being treated as "hackers" and the photos as "stolen?" Placing the blame on the students when the teacher seemingly shared the files on a network -- however unknowingly -- does not seem quite fair to the students.

The story is a bit thin on facts, but it would appear that a schoolteacher plugged her laptop into her school's network, left filesharing on, some students found some photos of her in her underwear, and then shared them around. The students are being castigated with the label "hacker".

I'll agree: what the students did was not hacking. All they did was to poke through some (probably not even password-protected) fileshares.

But come on, the students shouldn't be blamed for poking where they're not supposed to be? To trot out the tired old house analogy, just because I've left my door unlocked doesn't mean people should feel free to come in and rummage through my stuff, take copies of my books, and so on. One might say that the students didn't know she hadn't shared the files on purpose, but one might also be an idiot.

Unless there's a sign on my door that says "come in and rummage through my stuff," I think society generally accepts that I made a mistake and people who go through the unlocked door are intruders and trespassers.

It's nice to see that blaming the victim is alive and well though. While it's irresponsible and foolish of her to have put those photos on her presumably school-issued laptop, that doesn't mean it should be open season on her embarassing pictures.

Gina Trapani has a lifehacker post on how to revive bloaty Macs.

My wife's iBook has been misbehaving the last several months, so I should give this a go before I reinstall, see if it actually helps.

I upgraded my Ubuntu VM at work from 8.10 to 9.04 and promptly started suffering from slow mouse, no matter how high I cranked acceleration in the GNOME preferences. Or in WindowMaker, for that matter. I checked that I was at the latest 2.0.4 Fusion release, and that my Ubuntu packages were all up to date. No joy.

Some googling and I found this post sort of helpful, in that it said to install the xserver-xorg-input-vmmouse package - but I already had it installed. So I dropped down to the CLI, stopped gdm, then removed and reinstalled that package and re-started gdm. Hey presto, mouse zooms around quite nicely.

Now I forget why I needed the VM, but at least I know next time I do, the mouse will work.

Per findingada, this is my Ada Lovelace tribute. My exemplar of women excelling in technology is one of the people who got me interested in - inspired me to take up - technology as a career. Despite not being a system administrator or a techie or a programmer or a designer herself, she nevertheless set a good example for me and, I believe, a couple of generations of young women she taught to use computers to solve problems.

This woman's name is Dian, although when we talk on our weekly telephone calls, I call her Mum.

My mother isn't any of what we would recognize as one of the traditional technical roles. She has a PhD in quantitative genetics and is a professor of animal science, but some of my earliest memories as a child involve going with her to the computer lab at the University of Guelph. She would set me up on a keypunch machine with a few cards while she did her own computer runs and other work.

When we moved to Nova Scotia, she helped to set up a computer lab at the Agricultural College, and one of the courses she used to teach involved computerized statistical analysis. I spent parts of a few summers helping her to run the lab, and got my start in security there too; I found some of the lab machines had been infected using Stoned while chasing down what I thought was a bug in a program I'd written to do hardware inventories.

I found out later that that class was infamous among some of her students; it was required for those who wanted to do the pre-vet program, and when I ran a business in the same town in which my mother teaches, I had a veterinary clinic as a client. The staff there had mostly done their pre-vet at the AC. Their expressions became very guarded when I told them who my mother was, and they cautiously expressed the opinion that the class was good but extremely tough, my mother a tough but fair professor, and that while they didn't come out of the class loving computer analysis, they did respect the machine as a tool.

When I was 12 or 13, I came home one day to find my parents formatting floppy disks for their latest acquisition, a Commodore PC-10II. I know now that it was an 8088 at 4.77MHz with 640KB of RAM and a CGA adapter, but at the time I was slightly disappointed that it was not a Commodore 64. Nevertheless, I played around with it, and when I took a computer class in high school and learned some Pascal, my parents bought me a copy of Turbo Pascal 5.0. My mother encouraged me to continue programming and bought me upgrades to TP 5.5 and 6.0 Pro. I spent my allowance on and received for Christmas and birthday presents several programming books and tools: Pascal, x86 assembler, graphics, QuickC, Turbo Assembler, and probably lots of others I've forgotten. I was never an expert user of any of these tools, but I did learn a lot, went on to CS at UNB, failed out, and now I work in IT anyway.

I don't know that my mother will ever win any awards for women in technology, but to me she proves that you don't need to be a hardcore coder or a sysadmin to be successful at using computers. I hope her students learned that too, while they struggled with their analyses. She is definitely responsible for helping to put me where I am now.

An essential part of computer forensics is talking to the user. I talk about this in the presentation I gave to the campus technology conference last December and will probably be re-addressing that this year. A key thing to remember is that talking to the user is the beginning of your forensic process, not the end. Too many people are willing to take what our users say at face value - "no, I don't run P2P software," ok, so it must be something else. Sometimes it turns out that the something else was Skype or some television viewing software. Both of those are (or can be) p2p as well, but since they're not BitTorrent, people forget about them. This is not to say that we need to approach our users in a hostile manner, as some do - that is counterproductive. Rather, we need to take our time and doublecheck: "ok, so you don't use p2p, but this behaviour just started - what have you installed lately?" Sometimes that approach yields the answer you need. Other times, it's more digging. This post was brought about because we've been seeing a lot of alerts on possible Kraken activity on our network courtesy of our Snort sensor, but in the one response I've received, it was to say "oh, I reinstalled the workstation, so no problem." I'd even asked specifically if the admin could check to see if there was a problem, since I don't know how well this rule is working for us. Another admin did actually dig down, and the user's response was essentially nope, no p2p, but I just started using this software called UUSee to watch soccer games. Turns out there was a game on the same time we were receiving the alerts. I never claimed to be the sharpest crayon in the box, but I can connect two dots if they're put down for me.