Izumi Blog: Ralf - The Blog

Here you can expect to find a lot of useless and mostly inoffensive content, updated whenever I feel like it.
Site License And Disclaimer as well as contact information are available here.

«»  2006/07/27 «» DualTimeZone  «»

I polished DualTimeZone and made it available on googlecode:

The development cycle was not too bad:

I'd estimate there was about a 1 to 5 ratio here: 1 hour to implement the real functionality (it's really low tech) and 5 hours to polish the chrome around it and deliver, the whole thing split over 3 days. And another day lost trying to make it available.

Speaking of bloat, the resulting executable is 168 KB, the MSI installer file is 337 KB and according to the task manager the application uses 12 MB when running yet its VM size is 7 MB. For comparison, an empty .Net WinForm application (the default WinApp created by the C# wizard in VS.Net 2k3) generates a 16 KB executable that uses 8 MB of memory and 6 MB of VM when running.

Obviously having a kitchen sink run under the hood has a price in terms of memory usage, not to mention the hefty 20 MB initial download (which I painfully forgot to load on my secondary vmware dev box :-( ).



«»  2006/07/26 «» Elsewhere  «»

Vaqrrq.

Gurer vf nabgure oybt fbzrjurer ba the net, jurer fghss trgf jevggra gung jbhyq or too bowrpgvbanoyr urer. Obviously the nfghgr ernqre should not have any trouble svaqvat vg va n pbhcyr bs jrrxf. Vg vf gbgnyyl nabalzbhf fb lbh pna'g or fher vg'f ernyyl gur correct bar. Vs lbh svaq vg, lbh pna nyjnlf gel gb tvir zr gur secret signal -- fbzrguvat yvxr gur shark qnapr va Chyc Fiction jvyy qb whfg svar. Ubjrire V'yy ybbx ng lbh puzzled naq deny nal xabjyrqtr bs jung lbh ner talking nobhg.

Ryfrjurer, jurer bar zna'f cave vf nabgure zna'f greevgbel.



«»  2006/07/24 «» PA  «»

It's that time of the year... PA again :-)

I've been busy reading this excellent Haskell tutorial, as well as reading (again) on OCaml and F#, and writing a bit about what I could do but I'm not going to do with Hint, LiveDb and Rig2.

On the side I'm implementing a small .Net C# utility that displays an alternate time zone in the taskbar. I've seen that utility somewhere else but I'm too lazy to do a Google search to find it (the modem kind of ruins the experience of being online) when it's only going to take me a couple of hours to write my own.

Not everything I do involves computer stuff and curly brackets.

There's of course taking care of them babies or getting pictures of stuff around:


The pond.


Blue Heron.


Ducks.


Dragonfly at dusk.



The Beaver.

And still there's some quality time spent removing the beaver dams.

The main Beaver dam, upon arriving here:
This used to be a stream, not a lake:

Next day: -

4 days later: -



«»  2006/06/26 «» RIG 1.0 Update  «»

The server's back online. After 3-4 days. What a shame.

This is a follow up to the security vulnerability described in: http://www.securityfocus.com/archive/1/437818/30/60/threaded

As author and maintainer of RIG (a.k.a. the Ralf Image Gallery), I made a fix available upstream: http://sourceforge.net/project/showfiles.php?group_id=54367

I strongly recommend you grab version 1.0 on Sourceforge or stop using RIG versions 0.6.5-0.7.5 at once.

Summary of the fix: an exit statement was missing in the entry point validation. I also added a check to enforce that PHP's register_globals is turned off.
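
The two changes summarized above, sketched as an added example (this is not RIG's code, and it does not reproduce the RIG bug itself; `APP_ENTRY` and the function names are hypothetical). It shows the general pattern: an entry-point check that reports failure without stopping, the same check with the `exit`, and a startup test for `register_globals`, the setting that turns request parameters into global variables on PHP versions up to 5.3.

```php
<?php
// Added illustration, not RIG's code. APP_ENTRY and all function names are hypothetical.

// Send a 403 status if nothing has been output yet.
function send_forbidden()
{
    if (!headers_sent()) {
        header('HTTP/1.0 403 Forbidden');
    }
}

// Flawed guard: reports the failed check but does not stop, so whatever
// follows the call still runs when the file is requested directly.
function guard_without_exit()
{
    if (!defined('APP_ENTRY')) {
        send_forbidden();
        echo "Direct access not allowed\n";
        // missing: exit;
    }
}

// Corrected guard: a failed check ends the request.
function guard_with_exit()
{
    if (!defined('APP_ENTRY')) {
        send_forbidden();
        exit("Direct access not allowed\n");
    }
}

// Startup check: refuse to run while register_globals is enabled.
// ini_get() returns false or '' where the directive is absent or off.
function require_register_globals_off()
{
    $value = strtolower((string) ini_get('register_globals'));
    if (in_array($value, array('1', 'on', 'true', 'yes'), true)) {
        exit("Refusing to run with register_globals enabled\n");
    }
}

require_register_globals_off();

// Simulate an include file requested directly: APP_ENTRY was never defined.
guard_without_exit();
echo "include body reached after the failed check\n"; // this line executes

guard_with_exit();
echo "never reached\n"; // the request ended inside guard_with_exit()
```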

More details available here: http://rig.powerpulsar.com/#news

I'd usually thank Aesthetico for finding this vulnerability. However given how this was handled I will refrain. I apologize for the long delay in providing this fix, mostly due to having to take my server offline after it had been compromised as a direct consequence of the vulnerability being exposed without prior notification (email logs don't lie, beside whatever claim is being made.)



«»  2006/06/24 «» Going out of business, will come back shortly  «»

The server is back offline. You won't read this till... well later. I'm not sure when.

As the author of RIG, I'd like to mention that so-called "security researcher" David "Aesthetico" Vieira-Kurz failed to contact me prior to exposing the vulnerability mentioned in http://www.securityfocus.com/archive/1/437818/30/60/threaded. He claims he sent me one email, a week before posting the vulnerability. However I asked him twice to send me a copy of this email and I have still to receive any answer. I also looked in my email logs and cannot find anything related.

Failing to do so, my server was hacked in a matter of hours and a friend of mine was hacked shortly after, which is how I found the vulnerability in the first place (luckily for us none of the root exploits or botnets worked.) As a consequence of noticing my server being hacked I had to spend a full night cleaning this server, time that I could have used instead to fix the security hole in the first place and provide a patch to my friends.

The spirit of full disclosure, of which I am a fervent adept, is to give "sufficient" and proper notice to authors so they can fix their stuff, to make the internet more secure, not less. Waiting barely a week and firing a single email (presumably and yet to be even proven) without bothering to try again or check if it had been received is not "proper" notice. Then going on claiming that I "ignored" such a warning is highly hypocritical.
This is akin to telling me that advance notice was clearly posted weeks ago in the basement (the one without stairs), in the bottom of a locked cabinet, stuck in a disused bathroom, with a sign on the door saying Beware of Leopard.
Such behavior only results in more boxes being hacked on the net, which is contrary to what full disclosure is supposed to achieve.

Mr. David "Aesthetico" Vieira-Kurz's behavior here is unethical and in my mind very detrimental to the good success of full disclosure. Why fail to give proper advance notice or wait a reasonable amount of time? For fame of course, to be the first one to post a vuln with total disregard of whether it gets fixed or not. This is some small hobby open source project with a pathetic 3 or 4 users, so why care? It's an easy target and it's much easier to snort at the author as saying he disregarded any warning and get a +1 cred for cracking yet another useless web site. In a sense, this is at the same level of lack of honor as the script kiddies who immediately tried to exploit the vulnerability.



«»  2006/06/11 «» 1 AM  «»

The clock by my computer says it's 1 AM. In fact it is 12:43 AM, this particular clock is always about 15 minutes fast -- it's my "I need to get out of here right now" clock.

Beethoven is playing in the background. #3 in E flat major Op 55, Allegro con brio.

She's asleep on the couch. We were watching TV and towards the end she was sleeping. For a while her head was on my lap, which was very nice, but eventually I decided to take care of all these little details for her. Like taking the dishes away and taking the laundry out.

Both babies are sleeping in their crib. They seem comfortable in there. We hope they feel so. They'll smile at me sometime tomorrow morning.

I'm almost done folding the laundry while quietly reading some blog or other. Particularly this one going from angle brackets to bath time to fruit salads.

Tops and bottoms are all folded. Towels are what I do first. They are easy and square. Bibs come next. Now I have jammies left to fold. Those are tricky. Only a couple more.

The music continues. #5 in C minor Op 67, Allegro con brio.

It's so quiet and peaceful.

This is how it should feel.



«»  2006/05/29 «» Away  «»

No, I do not have any update to offer.

There's been a lot going on at work and at home recently, including fighting with DVD authoring, playing with prototypes and toying with more ideas. Somewhere else a mage reached 60 and offspring toons reached 20+.

Obviously most of my activity these days is concentrated on the SC blog.



«»  2006/05/02 «» End  «»

At the end of the day, the area looked more like a war zone. And he was sitting up there on the hill, contemplating it with lots of mixed feelings for he had tried everything he could possibly think of and none of them seemed to have really worked.

Zzzz.



«»  2006/04/30 «» README.txt  «»

I don't know where to start. I can't stop now.
This silence is killing me. It's too noisy.

It's not my fault. I generally accept it.
Not today and not now.



«»  2006/04/29 «» Glider  «»

Day and night were reversed.

The little glider was quietly following the bottom of the valley. The green carpet invited calm and serenity. Suddenly a warm, gentle wind took the glider by surprise. The quiet pace was replaced by an abrupt climb. Finally, a bit of action at high altitude! But no sooner had it arrived than it was gone again: the cozy little wind went away, leaving the little glider in an icy, distant atmosphere. The gentle warmth of the sun had slipped away to give way to a massive, shadowy mountain.

Disappointed, the little glider returned to the bottom of its valley where, from its green carpet, the fauna watched this strange and solitary being pass slowly and silently until nightfall.




Site License

Creative Commons License
This work is licensed by Raphaël Moll under a Creative Commons License.

< Generated in 1.77 seconds the 09/08/2010, 04:23 AM by Izumi 1.1.4 >