Synergy Rocks! Use multiple computers with one keyboard and mouse

June 4th, 2007

Synergy rocks! At my desk at work I have one Linux computer that I do my software development on and a Windows laptop that I use to check email and verify that the web app works in IE7. Now with two monitors I can switch back and forth between them with one mouse and keyboard just like they were one computer. Basically the program starts redirecting computer and mouse output to the other computer when the mouse hits the edge of the screen. It feels very natural, like you are using one computer with two monitors. You can’t drag windows between the two computers (though I bet using something like VNC this could be coded up).

Java File Descriptor Leak

May 31st, 2007

I’ve encountered issues similar to this bug:

http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6246565

and have found some other bug entries in the past that seem to cover the same problem.

If I’m running a lot of Runtime.getRuntime().exec() or Axis SOAP calls, Java opens several pipes associated with each exec or SOAP call that, especially on a heavily loaded system, can take a very long time to be garbage collected. This has led to a case where this code hits the default 1024 open file limit in a case where only maybe 20 or 30 files should be open at a time. The solution thus far has been to be more careful about opening sockets and pipes in Java, but I have yet to find a better solution. I’m still running Java 5 (JDK 1.5), and many of the bug entries seem to recommend upgrading to Java 6.
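Added example, not code from the original post: on Linux each Runtime.getRuntime().exec() call creates three pipes (the child's stdin, stdout and stderr), and their descriptors stay open until the streams are closed or the Process object is garbage collected. Closing them in a finally block releases them right away; the class name, the run() helper and the echo command are assumptions for illustration.

```java
import java.io.ByteArrayOutputStream;
import java.io.Closeable;
import java.io.IOException;
import java.io.InputStream;

public class ExecWithoutLeak {

    // Runs a command, returns its stdout, and releases all three pipe
    // descriptors before returning instead of leaving them to the GC.
    // stderr is not read here: a command that writes a lot to stderr
    // needs that stream drained as well, or the child can block.
    static String run(String... command) throws IOException, InterruptedException {
        Process p = Runtime.getRuntime().exec(command);
        try {
            p.getOutputStream().close();      // child's stdin: nothing to send
            ByteArrayOutputStream out = new ByteArrayOutputStream();
            InputStream stdout = p.getInputStream();
            byte[] buf = new byte[4096];
            int n;
            while ((n = stdout.read(buf)) != -1) {
                out.write(buf, 0, n);
            }
            p.waitFor();
            return out.toString();
        } finally {
            // Runs on success and on exceptions, so no path leaks a pipe.
            closeQuietly(p.getInputStream());
            closeQuietly(p.getErrorStream());
            closeQuietly(p.getOutputStream());
            p.destroy();
        }
    }

    static void closeQuietly(Closeable c) {
        try {
            c.close();
        } catch (IOException ignored) {
            // nothing useful to do if close itself fails
        }
    }

    public static void main(String[] args) throws Exception {
        // More iterations than the default 1024 open-file limit.
        for (int i = 0; i < 2000; i++) {
            run("echo", "call " + i);
        }
        System.out.println("2000 exec() calls completed");
    }
}
```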

Offline usage of PHP PEAR packages

May 30th, 2007

Reading through the documentation on PEAR, I was stumped as to how to add a channel offline. Running:

pear channel-discover pear.symfony-project.com

Would try to download http://pear.symfony-project.com/channel.xml which happened to be down for the weekend. Desperately I could not figure out how to make channel-discover read from a file. But then I finally figured out this:

pear channel-add channel.xml

Will do the trick. After running wget http://pear.symfony-project.com/channel.xml to download the XML file you can then add it offline with the above command. To install the package offline:

pear install symfony-1.02.tgz

After you have downloaded the PEAR package as a tgz file.

Hungerectomy?

July 14th, 2006

I’m not sure what a Hungerectomy is, but about a year ago I had an appendectomy. And it wasn’t a very pleasant way of ending hunger.

Hungerectomy like Snickers

Caltrain GO Pass

June 9th, 2006

Caltrain offers this insane discount for employers. $99.50 per employee per year with a minimum purchase of $6,965 per year for a pass for all Caltrain zones. This ticket normally costs nearly $3,000 per year, however I don’t think the GO Pass is honored by VTA and Muni so maybe a fairer price is about $1,000 per year. Either way this is at least a 90% discount. I think I may have to buy this and resell them.

OpenOffice Pleading Template

June 5th, 2006

My significant other is currently in a paralegal program, and therefore needs to produce legal documents. However we don’t have Microsoft Word at home. There are really nice templates for Apple Pages, but they don’t have Pages at school or on any of our laptops. So, I’ve started working on a California Pleading template for OpenOffice.

Pessimistic Programming

June 4th, 2006

I am now totally sold that the only way input validation will ever be secure is by explicitly listing safe characters and not by listing unsafe characters. I was on the fence on this issue. I thought that as long as you used well published open source functions to check for unsafe characters you were pretty secure, but then I saw this bug for mysql_real_escape_string(). This took a year to be fixed as well.

Worst of all is that I’ve tested applications with MySQL backends with many security tools that look for SQL injection, including security tools that cost thousands of dollars per run, and none of these tools found this bug. I read in many places that Unicode has been a big recurring headache for software security. So, I would think that would be the second place to look after the obvious SQL injection attacks.

This is why I now think everyone should program by explicitly listing the safe characters and input lengths, even if this hurts the future flexibility of the program. The solution is obvious for things like names, zip codes, etc. I know the solution is clearly not obvious for multilingual sites. And binary files are still tricky to validate. The best I can think of for this is to use Base64 encoding.
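Added example, not code from the original post: one way to write the allowlist described above, with a character list and a length bound per field and Base64 for binary data. The class, the patterns, the length limits and the sample inputs are assumptions for illustration, and java.util.Base64 requires Java 8 or later.

```java
import java.util.Base64;
import java.util.regex.Pattern;

public class AllowlistInput {
    // Each field lists the characters it accepts and its length bounds.
    // Explicit ASCII ranges are used so no Unicode look-alike can match.
    static final Pattern NAME = Pattern.compile("[A-Za-z][A-Za-z -]{0,39}");
    static final Pattern ZIP = Pattern.compile("[0-9]{5}(-[0-9]{4})?");
    static final Pattern B64 = Pattern.compile("[A-Za-z0-9+/]*={0,2}");

    // matches() must consume the whole string, so a trailing newline or
    // appended text cannot slip past the way it can with find().
    static boolean isValid(Pattern allowed, String input, int maxLen) {
        return input != null
                && input.length() <= maxLen
                && allowed.matcher(input).matches();
    }

    // Binary data is stored as Base64, whose output uses only the
    // characters in the B64 pattern whatever bytes go in.
    static String encodeBinary(byte[] raw) {
        return Base64.getEncoder().encodeToString(raw);
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not taken from the post.
        // "O'Brien" and "Zo\u00eb" are real names that this list rejects:
        // that is the loss of flexibility the post accepts.
        String[] names = {"Mary Ann Smith-Jones", "O'Brien", "Zo\u00eb", "Ann\n"};
        for (String s : names) {
            System.out.println("name " + isValid(NAME, s, 40) + " <- " + s.trim());
        }

        // The last entry starts with two full-width digits, not ASCII ones.
        String[] zips = {"95112", "95112-1234", "95112 ", "\uff19\uff15112"};
        for (String s : zips) {
            System.out.println("zip  " + isValid(ZIP, s, 10) + " <- [" + s + "]");
        }

        // Bytes that include a quote, a backslash and a non-ASCII value.
        byte[] raw = {0x00, 0x27, (byte) 0xbf, 0x5c};
        String encoded = encodeBinary(raw);
        System.out.println("blob " + isValid(B64, encoded, 1024) + " <- " + encoded);
    }
}
```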

Now that’s a neon sign!

May 27th, 2006

San Jose has a lot of neat, IMO, neon signs. This is one of them on San Carlos Ave.

under exposed neon

over exposed wide view

Zero day exploits

May 27th, 2006

Whoever you are, I have always depended on the kindness of strangers.  — Blanche DuBois, A Streetcar Named Desire

As far as I can see there is no solution to the zero day exploit problem. Someone can always see what software you are running and wait until the moment a vulnerability is discovered and immediately attack you before you can patch. It is true however that most people will not be targeted in this way since there are many more benevolent people than malicious people (see above quote). In general websites are not targeted until vulnerable sites can be found with a web search engine, making it easy for a few people to find a large number of vulnerable sites.

Don’t know where I’m going with this post. Just that we are doomed to not be able to instantly patch.

Under Construction

May 26th, 2006

You know those stupid animated GIFs of some stick figure digging. Well we have new sites in the works, and I want to get the links out there so the search engines pick them up.

Toonet

Toonet is a simple set of utilities for stuff I sometimes want to run off a remote computer. Now it is really easy. With toonet you can port scan, do DNS lookups, ping, and more in the future.

Toometa – Linux

This site will contain useful information about Linux. Compatible laptop hardware, etc. This info will also be submitted to http://linux-laptop.net/ and http://tuxmobil.org/

Toometa

This site will replace toometa.com. Its exact final point is still unknown and undisclosed.

LinuxRumors

This site is the one I’m least serious about thus far, but I thought it was a good domain name for yet another open source software news site.