Archive for November, 2005

Employers: Your idea or mine?

Wednesday, November 30th, 2005

For example, if a person were to write a document in the work place, does it not automatically become the property of the employer?

That scenario is a really touchy one, especially for computer programmers. In the past, there have been some employers that pay their programmers salary wages instead of hourly and expect any work done (whether at the office or not) to become property of the employer. If they had a side project for their own personal enjoyment, sorry – that’s not yours any more.

I have also seen a case (link here) where an IDEA in an employee’s head becomes property of their EX employer. If you have a couple of minutes, please read that article – it’s a very interesting read. As strange as it may seem, the former employer actually won the case! It’s a sad day when merely having a good idea and not sharing it can get you sued.

ENG-113 – Assignment 12 Discussion

Linux mini-manual

Tuesday, November 29th, 2005

This mini-manual gives a general overview and explanation of common *nix terminal commands.

Here it is.

Quote of the week: November 28th

Monday, November 28th, 2005

It would be far more convenient to live for ten days at work, working sixteen hours each day, and then take twenty days off, repeating the cycle every month. One could then take twelve vacations per year.

IRC server news

Sunday, November 27th, 2005

For those that don’t know, I run an IRC server on my network. The server I have on my network that hosts the IRC server will be going down for maintenance sometime this week. I may let the server hit the 300 day uptime mark (currently at 295 days 18 hours 56 minutes) before I shut it down, but we’ll see 😉

My plan is to move the IRC server over to another machine and perhaps leave it there permanently. I’m not sure yet. Either way, you might see a service interruption for a short period of time during the transition. Currently, the machine hosting the IRC server is running Mandrake Linux 9.1. Here are a few specs:

Operating System
Mandrake Linux 9.1

Processor/RAM
Processors: 1
Model: AMD-K6(tm) 3D processor
Chip MHz: 451.04
RAM: 384 MB
Cache Size: 64 KB

PCI Devices
Network: D-Link System Inc RTL8139 Ethernet
Video: ATI Technologies Inc 3D Rage Pro 215GP

IDE Devices
hda: Maxtor 90680D4 (Capacity: 6.33 GB)
hdb: WDC AC28400R (Capacity: 7.87 GB)
hdc: CD-RW CRX100E

I’m unsure of whether I want to install Ubuntu 5.10 on it or Debian 3.1. My guess will be Debian since it will still act as a server. Also, on a side note, I’m finding that Ubuntu 5.04 has an odd quirk that is likely my own fault, but still, I’d like to mention it. My main machine has a 1gb ethernet card in it and my router is rated for 10/100 traffic. If I send a large file across the network to any other machine (whether that machine has a 10mb (my old laptop), 100mb, or 1gb card), Ubuntu 5.04 will lock up, only allowing mouse movement. The screen is unclickable and sometimes I’ll get a popup stating there’s an I/O error.

Now, my guess is that it’s about the same as trying to force a watermelon through a straw, but I would also think that there would be some provision about throttling itself down on slower networks to prevent such a lockup from occurring. I had experimented with an internal FTP server and found even if I throttled the connection to 10mb, it still puts out I/O errors. Unfortunately, these I/O errors aren’t just a typical nuisance; they have caused my machine to crash hard and have twice required me to do an OS reinstall due to unrecoverable errors in the file system. Yikes! At least /home was safe 🙂

Anyway, I will likely swap out the NIC to a 100mb card to see if that helps at all. My guess is that it’s probably one of two things actually – either the NIC itself is bad, or perhaps this used motherboard I bought with the onboard NIC is having issues with the second card (the onboard NIC is not being used). It’s kind of frustrating having a few 4 gig DVD iso’s on this machine from my cruise and not being able to transfer them across the network without fear of causing issues.

Management’s “understanding friend” method

Sunday, November 27th, 2005

I’ve noticed a lot of managers trying to be super friendly and sugar coating everything they say.

Just a tip…most geeks are smart and see through this. Be honest.

If I screw up, tell me. Don’t make it sound like you’re passing the buck from upper management, or pretend you’re not mad.

I can’t take any of my managers even half seriously because everything that comes out of their mouth is “corporate happy HR department” speak.

I want explicit instructions for what you want me to do. If I didn’t do something it’s because you didn’t ask me to.

Linux security quick reference guide

Saturday, November 26th, 2005

Yet another quick reference guide. This is a 2-pager packed with information and created by LinuxSecurity.com.

Here it is.

List of things needed from management

Thursday, November 24th, 2005

1) Flex time, when appropriate. If I am working on some kind of deep core system where I just code and code and code and the only person I’m interacting with is a manager, why should I be on a 9-5 schedule? If it really doesn’t matter so long as I get my shit done, let me come in at times where I can get my shit done most effectively.

2) Meeting issues. There are 3 kinds of meetings, in my mind: Meetings that are productive and important for me, meetings that are productive and important to other people, and meetings where upper management wants to whack off in public. The first kind of meeting I’ll go to gladly. The second kind of meeting I’d like to always be optional. The third kind – you know, where upper management gets up and talks about shit like the direction the company is heading – well, they can email me a powerpoint presentation… I promise, I’ll read it… Yeah… If I want to know about some big initiative the company is having, I’ll print out a letter from the CEO and read it while I’m on the crapper, ok? I don’t need to have some special ed like encounter group where we all blow smoke up each other’s asses.

3) Respect. I don’t mean people praising what I do or telling me I’m great. I mean respect like not treating me like some kind of half-functional asocial asshole because I happen to have technology skills. I really hate being treated like some kind of pet nerdling, to be brought out and questioned by the marketing people when they need the opinion of someone who, like, knows how to do math.

4) Respect. Really! Again, this is important. Just because *some* geeks are proud of their Autistic-like behavior doesn’t mean we all are. Don’t speak to me like I’m a child, and I’ll be happy.

5) Privacy. Or, rather, a lack of frequent interruptions. There’s a well known study that shows that most people can remember +/- 7 things simultaneously. Programmers frequently come in WAY on the right hand side of that particular bell curve because, one of the things we have to do is keep stuff in ready memory – highly specific, exact stuff. It isn’t like we’re writing a letter and we just need to remember the gist of something for later – we need to remember every damn bit of the thing we’re working on (at least, I do) in order to accomplish stuff.

6) Little things. The best motivator I ever got came at the end of a 3 week crunch. I was taken aside by my last manager, given an attaboy, told not to bother coming in on Friday because I would be expected to be enjoying the day off. Cost to them? 1 day’s pay for me, but they had a motivated person coming back to work on Monday.

7) Managers who can manage. A boss’s job is broken into two parts: supervising me and protecting me. Supervising means getting work to me and letting me know what’s expected on it. I take a lot of initiative, but when I am handed a task, I would like to know what I’m supposed to do, when I’m supposed to have it done by, and (if applicable) what methods I’m required to use to do it (if I don’t have a choice). Protecting me means keeping assholes like Phil in business development from swinging by and talking my ear off for a half hour in the afternoon. It means not scheduling me for meetings that are a complete and absolute waste of my time. Basically, doing all those helpful things that allow me to do what I can do.

8) Be realistic. Let’s face it – at least 10% of my time is spent on shit like reading slashdot and other such stuff – let me do it without having to fear that I’m going to lose my job because I need a mental floss break. I’m going to do it anyway, so why not let me do it without stress? Even better – FAR BETTER – let me work on something that is blue-sky stuff for 10% of my time.

That’s just me, maybe other people are different.

Yet another Windows mass mailing worm released

Wednesday, November 23rd, 2005

Another variant of the Sober worm has been released and is making its way around the internet. In honor of these morons who fall victim to these types of mass mailing worms (ignorance and insecure software is no excuse), I have created my own form of phishing junkmail that these idiots would likely fall for:

REQUEST FOR URGINT BUSINESS RELASHUNSHIP!

HELLO FREIND,

I AYM FROM THE CUNTRY OF NIGERIA AND I AM SEEKIGN YOR ASSISTANTS. MY CUNTRY HACE GONE THROU A REGIME CHANGE AND I AM IN NEED OF A PERSON TWO HELP ME TRANSFER MONEE OUT OF TEH CUNTRY. IF YOU COUD WIRE ME $10,000 US DOLLERS FOR TEH TRANSFER FEE, I WILL SPLIT THE $1,000,000 DOLLER TRANSFER WITH YOO. ISN’T THAT A GOUD DEEL? WHEN YOO ARE DUN WIRING ME THE $10,000, PLEACE CLICK ON TEH ATACHMINT BELOW. DON’T WORRAY, FREIND, TEH ATTACHMINT IS A COOL NEW SCREENSAFER. INJOY MY FREIND!!1!42!!

DR. CLEMENT OKON

::attached file: !!!1!L337_screensaver_britney_spears_clickme_i_am_not_a_bad_file_honest.pif.shs.bat.js.msi.exe::

Sony’s new DRM defeated by a piece of tape

Wednesday, November 23rd, 2005

As most people know, Sony’s last DRM scheme was thwarted by merely running a marker along the outer edge of the CD that was “copy protected”. Sony spent millions in research to copy protect their CDs the first time around and spent the same this time around. Both defeated by solutions that cost people about a quarter. Read more about the most recent workaround here.

The most recent DRM scheme is absolutely disgusting in its nature – it automatically loads on your Windows machine whether you want it to or not and then makes your machine susceptible to easier exploitation. This has made Texas lawmakers decide to sue Sony claiming that their DRM software is considered adware/spyware, and under Texas law, could be fined up to $100,000 per incident (see below).

Two workarounds for not having Sony’s CDs install their software on your PC would be either disabling the autorun feature that is on by default on Windows machines or holding the SHIFT key when putting a Sony-made CD in your CDROM drive. Gee, I hope I don’t get sued for writing about that. Here are a few ways to permanently disable the Autorun feature in Windows:

Windows XP:
Right-click on the drive icon for your CD drive, CD recorder, or DVD drive, and select Properties. Choose the AutoPlay tab, and choose the desired action for each type of CD (music CD – take no action).

Windows XP and Windows 2000:
Run the Registry Editor (Start -> Run -> Type in REGEDIT.EXE). Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom and double-click the Autorun value. Now type 0 for its value. If it’s not there, create it by selecting Edit -> New -> DWORD Value, and typing “Autorun” for its name. You might have to log out and then log back in for this change to take effect.

Windows 95, 98, Millennium Edition:
Right-click on the My Computer icon and select Properties. Choose the Device Manager tab. Open the CD-ROM branch, and select the entry for your CD-ROM drive. Click Properties, and then choose the Settings tab. Turn off the Auto insert notification option. Click OK, and then OK again. You’ll have to restart Windows for changes to take effect.
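The registry method described above for Windows XP and Windows 2000, as a script that checks the current state before changing it. This is an added example, not part of the original post; it assumes PowerShell is available and the session is elevated, and the function names are hypothetical.

```powershell
# Added example (not from the original post). Run from an elevated session.
# Key path and value name are the ones given in the post.
$key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Cdrom'
$name = 'Autorun'

function Test-IsAdmin {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $p  = New-Object Security.Principal.WindowsPrincipal($id)
    return $p.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Disable-CdromAutorun {
    if (-not (Test-IsAdmin)) {
        throw 'Writing under HKEY_LOCAL_MACHINE requires an elevated session.'
    }
    if (-not (Test-Path $key)) {
        throw "Key not found: $key"
    }

    # Record the previous state so the change can be audited or reverted.
    $current = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $current) {
        # Value is absent: create it as a DWORD, as the post describes.
        New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 0 | Out-Null
        $before = '(missing)'
    } else {
        $before = $current.$name
        if ($before -ne 0) {
            Set-ItemProperty -Path $key -Name $name -Value 0
        }
    }

    # Read the value back rather than assuming the write succeeded.
    $after = (Get-ItemProperty -Path $key -Name $name).$name
    return New-Object PSObject -Property @{ Before = $before; After = $after }
}

Disable-CdromAutorun | Format-List Before, After
```

Running it a second time should report Before and After both as 0, which confirms the setting persisted.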

When will Sony learn not to screw over their legit customers in the name of preventing piracy by a few? Now Sony is facing huge fines and has already heard a large public outcry over their software (even by Microsoft of all people).

From the Texas state web site:

“The Attorney General’s lawsuit alleges the New York-based company violated a new Texas law protecting consumers from the hidden spyware. The company accomplished this by using new technology on certain music CDs to install files onto consumers’ computers that hide other files installed by Sony. This secret “cloaking” component is installed without the knowledge of consumers and can cause their computers to become vulnerable to computer viruses and other forms of attack.

Because of alleged violations of the Consumer Protection Against Computer Spyware Act of 2005, the Attorney General is seeking civil penalties of $100,000 for each violation of the law, attorneys’ fees and investigative costs.”

My favorite recent quote is by Cary Sherman, the president of the RIAA, stating in reference to Sony BMG’s “rootkit” software that “there is nothing unusual about technology being used to protect intellectual property.”

Sure does suck to be Sony…first Microsoft puts out a press release telling Sony that their r00tkit software is insecure and now Texas is looking to seek charges on Sony for breaking the law. All they need now is a press release from Satan himself striking down Sony for their evil behavior and the “end of the world” trifecta will be complete.

Yet another I.E. exploit

Tuesday, November 22nd, 2005

From the article:

“Exploit code for a critical flaw in fully patched versions of Microsoft Corp.’s Internet Explorer browser has been released on the Internet, putting millions of Web surfers at risk of computer hijack attacks.”

“The group that published the exploit said Microsoft has been aware of the Javascript Window() vulnerability for several months but was mistakenly treating it as a low-priority denial-of-service flaw.”

Nice. Let’s downplay any seriousness to a rather large vulnerability to save face. Maybe they downplayed it so they wouldn’t look so bad in all those Microsoft-sponsored TCO reports, eh? Nothing drives up TCO like fixing exploited vulnerabilities 😀

And last, but certainly not least, the last quote from the article:

“The SANS ISC’s Ullrich said IE users should consider switching to Firefox or Opera.”

Eweek article here.