Archive for January, 2004

A Visit from the FBI

January 30, 2004 in General | Comments (0)

In line with my recent posts about how our own stupidity allows viruses like MyDoom to propogate, I ran across this article from a link on Slashdot. It details how many viruses allow hackers to gain control of remote machines and have their way with them. Pretty disturbing stuff. Somehow we’ve got to find a way to build better security, grow smarter users, or get used to more and more people getting burned online. It’s a shame that so many good things get ruined when the bad guys come out to play.


More on Moron Borne Viruses

in General,Rants | Comments (0)

This is my favorite part of this article:

“It is a little bit of a mystery that it propagates so well considering that it requires human interaction,” said Marc Maiffret, chief hacking officer, eEye digital security.

That’s exactly what I was saying yesterday. There’s no way for Microsoft, Apple, or any distribution of Linux to protect a user from manually running a dangerous program. Admittedly, most home PC’s running Windows are wide open from a permissions standpoint, so running a dangerous program can do a lot more damage than it could on a locked-down Linux machine, but it doesn’t change the point: This virus cannot spread without help. It may be the pathogen, but we are the carriers.


Give me a Break (MyDoom Virus Roundup)

January 29, 2004 in General,Rants | Comments (0)

I get tired of hearing claims like “MyDoom virus declared worst ever.” This kind of virus would go nowhere if people were not so incredibly stupid. I’ve received a couple of these email messages. One contains a .zip file, and in the .zip file is what appears to be a .txt file, but if you stretch out the column in WinZip, you find out it it’s named:

  text.txt            .exe

Shame on you if you opened the file. Pay attention, people! The other one I received contained a .pif file (Program Information File). You should know better than to open one of these.

I think anti-virus software is a waste of time and money, unless you need to remove a known infection. Better to be extremely paranoid about any attachment or download you receive than to allow tools like Norton’s to hobble your online lifestyle. Unfortunately, most people don’t have time for this kind of paranoia, and continue to blindly open included files. Virus authors prey on this stupidity, but journalists like to blame it all on Microsoft. If everyone switched to Linux tomorrow, a similar virus scheme would work just as well, because now all the morons would be on Linux, and they would open the damaging file from a Linux desktop instead of a Windows desktop. Maybe Microsoft could do more (in other words, make it even harder to send and receive attachments), but they can only go so far to protect us from our own stupidity.


minibosses

January 24, 2004 in General | Comments (0)

Holy crap. I had thought about something like this, years ago, creating a band and recording music from class video games. Admittedly, I never considered it for a live touring band, but these guys are doing just that.

Just read an article about them in Wired and made my way to this link. Check out the MP3’s (they’ve got Mega Man 2 and Castlevanie 3 on tap). I’d like to hear more of their stuff (I’m downloading a couple of the videos to check out), but the EP only has the same two songs and some “diary recordings.” I think I’ll wait.


Transact SQL Loops

January 22, 2004 in Programming,Transact-SQL | Comments (0)

I noticed that someone had pinged my site searching for Transact SQL Loops. I figured maybe I ought to post one, since I’m sure my blog disappointed the searcher.

The first thing you have to do is declare a cursor. The cursor will allow you to walk through the results of a query one row at a time, so declare the cursor with a meaningful name and the query that will provide the results you’re looking for:

declare cust_cursor cursor for
  select
    customer_number
  from
    customers
  order by
    customer_number

You need to have some variables declared to catch the results of the fetch.

declare @customer_number as int

Now you can open the cursor and fetch the results. The system variable @@fetch_status will tell you when there is no data left in the cursor. You need to fetch one time before you start the loop so you’ll know if there’s any data to retreive at all, then again at the bottom of the loop to get the next record (if any). Your loop condition is based on @@fetch_status, so the minute it returns anything but zero (for success), you bail out of the loop.

Notice the fetch next/into syntax that reads the values from the next row in the cursor into the local variables you’ve created.

open cust_cursor
fetch next from cust_cursor into @log_date
while @@fetch_status = 0
begin
  ' Do stuff with the value you retrieved
  select @customer_number
  fetch next from cust_cursor into @customer_number
end

Once you’re through with your loop, you need to close the cursor and deallocate to free the resources that it was using.

close cust_cursor
deallocate cust_cursor


Fighting Spam at the Server – AOL and SPF

in General | Comments (0)

AOL is apparently implementing SPF, or Sender Permitted From, an emerging authentication protocol for preventing e-mail forgeries, or spoofing, at least on a trial basis. It’s puzzling that it has taken so long for this sort of thing to show up – it seems like authenticating the originating server against the sender address in an email should have been a basic characteristic of email from the start, but then again maybe not. Certainly there are good uses for “spoofed” email addresses (we have supporting servers that process transactions and send out confirmation emails, with the sender masqerading as one of our other servers on a different ISP). Without being able to link the originating mail servers somehow, these sorts of benign, utilitarian tricks will be harder to do without additional configuration at the DNS. That’s still probably a lot easier than dealing with all of the spam that we do on a day to day basis.

The article says that one downside of SPF is that some spammer’s use hijacked computers to send out their garbage, and that SPF will validate the sender and deem it okay. While this is true, I’m sure the most spam is not being sent in this way today. SPF might force spammers to start using the hijacking technique more (which would make it the next target for a technical solution), but this type of measure should at least reduce the amount of spam that gets delivered, regardless of how much is sent.

I’ll be interested in seeing the results of the trial.


Judge rules Microsoft infringed on Eolas patent

January 15, 2004 in Rants | Comments (0)

I’ve been following this story with some interest. It astounds me that the patent office has awarded patents on so many “concepts” rather than actual “inventions.” Inventing a piece of software that allows one application to be hosted inside of another is no great achievement – that’s what operating systems do, after all. It’s ridiculous that we should have to spend so many cycles even discussing this sort of thing. I’ve been flummoxed ever since Jeff Bezos got a patent on “one click” buying for Amazon.com. Since when is tying a bunch of program actions (looking up credit card info in a database and processing a purchase) to a button click an “invention?”

I’m no spring chicken, but it sure sounds like we need some young blood in the patent office that understands more about the way technology works. It’s time to sweep out some of the fossils that keep making these bad decisions. Clearly they don’t have a clue.


Triple the size of your PDA

January 12, 2004 in General | Comments (0)

I was amused by this article. While I can see the need for ruggedized handheld devices (this is, after all, how Symbol Technologies makes its money), this device seems laughable for the ordinary PDA user.

Now, in the review itself they do go to some lengths to show the thing floating in the water, some guy standing on top of it, etc., so I can see where, if you need to take your iPaq to the top of Mount Everest with you, it could be pretty handy, although I think it would take up too much space in your backpack.

Certainly there’s a need for this sort of thing. It just caught me off guard when I first saw it. The thought of putting my little CLIE in a 9″ enclosure seems preposterous. The author of the review agrees, saying that the “Corporate Joe” would have little use for this case, so I’ll quit complaining. Still, I have to chuckle.


Tech Toy Highlight: Garmin Forerunner 201

January 11, 2004 in General | Comments (0)

I don’t have anything to say about code and such today, but I wanted to post something.

Shortly before Christmas I got myself an early present, the Garmin Forerunner 201 GPS watch. A couple of my running buddies have the Fit Sense Speedometer. It’s very nice, but it’s stride based and can show some inconsistencies if your stride varies due to fatigue, injury, etc. It’s apparently a bit tricky to get it calibrated right the first time. I almost got one of those, but decided to hold out. I’m glad I did.

The Fit Sense Speedometer (as well as the Timex GPS models have two pieces. The Forerunner is one self contained unit. It has a nice display that shows you your current pace, time and distance, or anything else you want because it’s customizable. You can set thresholds so that it will tell you when to speed up or slow down to maintain a pace. It has a “virtual training partner” that will run at your target pace, giving you someone to race with even if you’re running alone.

One feature that intrigues me, but that I haven’t tried yet, is that it will “bread-crumb” your route and then guide you back the way you came. I’m anxious to go run through some golf courses and get off the pavement once in a while, but I don’t know the layout because I don’t golf. This way I can just run wherever I want to, then let the Forerunner guide me back out.

This is wildly off topic, but it’s still pretty geeky. If you run or know anyone who does, you should tell them about the Forerunner 201. You can get them for less than $160.00 as of this writing (I got mine at http://www.gps4fun.com).


Knoppix is very nice

January 10, 2004 in General | Comments (0)

Like I said before, I’m a generalist, so I use Windows and I use Linux. If I had one I’d use a Mac as well.

The nice thing about Linux is that it will run well on machines that are piss poor at running Windows. You can use it to breathe new life into an old machine.

Today a friend of mine gave me his old PC. He had gotten a new one because he’s had this one a few years and it doesn’t run Windows worth a crap anymore. It’s an HP Pavilion (I know, I already ranted about how HP laptops suck, but the desktop machines seem to be pretty good) with a 450mhz Celeron in it (Linux reads it at 467.737MHz). We use Debian Linux for our web servers at work, so that’s what I tend to use at home. While I love Linux, I hate installing it (I don’t have time to dick around with the OS that much – I’ve got other things to do), so I was very happy to have discovered Knoppix. Knoppix is the closest thing to a Windows installation that I’ve run into (although I still wouldn’t want to see my mom try it). While it isn’t as cut and dried as a Windows XP installation, it still gets your Linux system, along with X Windows with KDE, up and running within an hour. The rest is just tweaking.

This little Celeron runs Linux pretty darn well (looking at the BogoMIPS it’s almost twice as fast as my old 350MHz machine), and it didn’t take long to get it up and running. If you’ve got some old hardware laying around and you’ve always wanted to toy with Linux, download the Knoppix distribution and burn it to a CD. To avoid some potential pitfalls, when you’re ready to install it to hard disk, boot from the CD, but at the startup prompt type:

  knoppix 2

This will boot it into command line mode. Now type:

  knx-hdinstall

Follow the prompts to finish the installation. During the fdisk phase, remember to set aside a chunk of disk in a Linux swap partition or the installation will fail.

I wish that Knoppix was set up to create a small system partition, but it doesn’t, so if you install this way you’re going to get one big system partition and a swap partition. When you get better at Linux you might decide to change this (I haven’t yet, so I guess I’m not good at Linux yet), but to get up and running in a hurry you’re going to find this hard to beat. Configuring X-Windows is one of the nastiest jobs I know of on a Linux machine. Let Knoppix do the heavy lifting and you might be happier in the end.