I’m working on a startup called KinKast to help you enjoy your home videos. On the side I’m also helping out an electric supply (circuit breakers, transformers, etc.) company with their web presence.
And I just launched a reference site for experimenting with new features such as similar products, dynamically generated images, and more pictures less text. electricalsupplyexpert.com
Last Sunday, July 8, 2007, I went on an amazing bike ride from Palo Alto, up Old La Honda, down Hwy 84 to Hwy 1 and then back up Tunitas Creek Rd returning to Palo Alto. In total, the ride was a little of 50 miles and took me about 8 hours since I’m in terrible shape. Now I’m dying to do it again.
1408 is a scary twisted mostly non-gory horror movie that is very refreshing compared to the other gorefests that have come out recently. I highly recommend it.
I’ve been having trouble finding or working out a system for easily imaging a linux box. Mondo doesn’t work because it seems to expect that it is run from the live system, I can’t seem to manage to chroot and run mondo and the same time off of a Knoppix DVD. Norton Ghost doesn’t support LVM. dd takes wayyy to long.
Thus far I have been imaging systems by dumping the ext3 file systems and recreating the partition layout, LVM setup, and install grub with a RedHat rescue cd. The problem is I think remastering a RedHat rescue cd with new files and a custom install script would take a long time, and installing grub from a Knoppix cd doesn’t seem to lead to a bootable system.
Clonezilla seems to be the perfect solution. It will image all kinds of systems, seems to work with LVM. And best of all it will make a CD or DVD for a fully automated restore of the system. I just imaged a system today. I will update the blog to reflect the results tomorrow.
–Update: Clonezilla works perfectly. The live restore CD is creates works, and imaging and restoring a few gigabytes of data only takes about 15 minutes.
I recently signed up for Google AdWords. I felt a bit silly actually taking out an ad for basically my home page and blog, but I was also very curious as to how much historical ad information Google provides and just how many impressions and clicks it would lead too.
Thus far a few hundred impressions but no clicks. I’ve read that if you have a low click through rate that makes it more difficult to get impressions. This implies to me that there is some point where Google would just stop showing my ads even though I’m bidding because they don’t think anyone is interested.
Well, I’m anxious to learn more about AdWords and see how things go.
Untangle recently open sourced their firewall, vpn, and content filtering solution. You can download it from source forge. Their product is definitely the easiest and most complete open source firewall solution. The installer assumes you will be using many of the features so the minimum system requirements are fairly high.
I recently started renting a server from cari.net, who I found from an ad in the Linux Journal. Thus far I have had great customer support from them, the bandwidth is high throughput and low latency, and the price is great. But the ip address is on Comcast’s black list. Unlike most other black lists that cool down after a few days and you get delisted, who knows what Comcast’s policy is. I have just sent a request to their delist request page, hopefully it goes well.
I’m not sure what a Hungerectomy is, but about a year ago I had an appendectomy. And it wasn’t a very pleasant way of ending hunger.
My significant other is currently in a paralegal program, and therefore needs to produce legal documents. However we don’t have Microsoft Word at home. There are really nice templates for Apple Pages, but they don’t have Pages at school or on any of our laptops. So, I’ve started working on a California Pleading template for OpenOffice.
I am now totally sold that the only way input validation will ever be secure is by explicitly listing safe characters and not be listing unsafe characters. I was on the fence on this issue. I thought that as long as you used well published open source functions to check for unsafe characters you were pretty secure, but then I saw this bug for mysql_real_escape_string(). This took a year to be fixed as well.
Worst of all is that I’ve tested applications with MySQL backends with many security tools that look for SQL injection, including security tools that costs thousands of dollars per run, and none of these tools found this bug. I read in many places that unicode has been a big recurring headache for software security. So, I would that would be the second place to look after the obvious SQL injection attacks.
This is why I now think everyone should program explicitly listing the safe characters and input lengths, even if this hurts the future flexibiity of the program. The solution is obvious for things like names, zip codes, etc. I know the solution is clearly not obvious for multilingual sites. And binary files are still tricky to validate. The best I can think of for this is to use Base64 encoding.