Sunday, April 22, 2007
Officially Moved
Thursday, March 16, 2006
Just a Post To Remind You That I'm Alive
I'm alive. But I'm not quite ready to restart my blogging foray. I think soon perhaps. Until then.
Cheers.
Thursday, December 22, 2005
Happy Holidays
Well, I'm off for the holidays.. Ahhh. I hope you are able to enjoy the holiday season as well.
Merry Freakin' Christmas
Tuesday, November 29, 2005
Samsung YH-999 Wha?
During a hectic and depressingly boring Bug Smash of Windows Vista, we were given raffle tickets for various prizes (one of those look at the shiny thing / aren't you having a good time moments). Of course no one actually wins these silly raffles. Especially when they include new Dell PCs, Portable Media Centers, and tickets to Daniel's Broiler.
I know what you're thinking, but no I didn't win. Some dumb schmuck who didn't bother to check the number on their ticket won. So guess what? They drew again! Ok, this time it is what you're thinking. I won the Portable Media Center!!
Talk about a kick ass toy that I would never actually buy! This thing rocks! It's the Samsung YH-999 Portable Media Center (Windows Mobile 5.0 Media Center Edition). It kicks the video iPod squarely in the nuts I think (oh and came out years ahead of it too).
Now I can synch up with my main Windows Media Center PC (or any PC with Media Player 10), and load all my music, videos, recorded TV shows, and pictures! Ok, so I don't have any recorded video or TV shows, but I will! One day. And it will be synched to my Portable Media Center.
I never actually imagined the sort of opportunities this little bastard opens up. Wherever it goes, my entire media life follows. Kinda scary. Now I just need the beleaguered Xbox 360 and I'll complete my Media Center trifecta! Wait, fourfecta. I guess I have the Media Center Extender for my old skool Xbox.
At any rate. If you're in the market for a new MP3 player, you're really into pictures, you travel, or you just love kick ass gadgets. Consider picking this little gem up. Check out those specs!!
Link: http://product.samsung.com/SamsungUSA/PRODUCT/20040715/yh999.pdf
How to Remove the Comcast Branding from IE
If you're like me, you don't like apps messing with Internet Explorer. I know that Comcast would like to believe that they have a good homepage, and that the clever rotating 'C' in the place of the IE logo is just what I want to look at; however...
Here is how you can remove the Comcast branding from Internet Explorer:
1. Start->Run
2. rundll32 iedkcs32.dll,Clear
Note: This is case-sensitive.
Link: http://www.dslreports.com/faq/7777
Wednesday, November 16, 2005
Microsoft security is nothing to sneeze at
http://www.infoworld.com/article/05/11/11/46OPsecadvise_1.html
...
If you look at the statistics against XP Pro, Server 2003, SQL, and IIS, exploits are way down and security is up. How else do you explain that IE had fewer exploits this year than Firefox? How is it that only two of the top five most active exploits on the Internet are Windows-based?
...
Want a good database program without frequent security problems? Maybe Microsoft SQL is the answer. Do you remember the date of the last Microsoft SQL exploit? MySQL and Oracle are fairly worse these days, not better.
Can anyone do security better than Microsoft? I’m not sure. Mac OS X is gaining its fair share of patches on a regular basis. I may complain about Microsoft’s patch Tuesday, but trying to keep my Linux and FreeBSD systems patched is becoming even more painful.
...
Security Adviser, By Roger A. Grimes November 11, 2005
Link: http://www.infoworld.com/article/05/11/11/46OPsecadvise_1.html
Tuesday, November 15, 2005
Sony is Spyware
In case you thought you only had to worry about pop-ups and shady Internet companies, think again. Sony has been sticking spyware on music CDs that has caused major security vulnerabilities!
Microsoft's next edition of its Malicious Software Removal Tool (released monthly through Automatic Update) will target this spyware for removal. I wonder what goodies the PS III will offer us??
Link: http://www.msnbc.msn.com/id/10053831/
Friday, October 28, 2005
Broken
Scrambling back from mid-field to cover on defense, I managed to break up the play on goal--but not for long. The ball was flicked back into the center, and I made a hard cut to beat it. Unfortunately, my ankle didn't agree. At this point I can't say if it's broken, bruised, or torn, but it's certainly f'd up.
So, now here I sit on my couch with my foot propped up on ice, and all kinds of things I could otherwise be doing. Like going to work. Unfortunately as well is how damn easy they make it to work at Microsoft these days. I just plug in my smartcard reader, and I'm in. Doh.
Halloween is upon us! Where will you be? What will you be up to? I'll be the gimp--apparently. It won't be the first time. Happy Halloween. Here's to "it's just a bruised tendon!"
Friday, October 21, 2005
Doomed
It's not much of a surprise, but "Doom" pulled a stellar 1/2 star rating on MSN Movies. While it's not surprising, it is a bit disappointing. I've enjoyed many a night blasting hellish demons and other dudes to bits. Of course, I haven't played it in probably 8 years or so. I'll have to put it on the rental queue.
Another not-so-surprising thing: I haven't been keeping up on my blogging. Things have been pretty busy with the new house, Vista Beta 2 work, and attempting to keep some sort of a life. I'll be back at it shortly. I know you're holding your breath!
Link: http://movies.msn.com/news/article.aspx?news=204754
Thursday, October 06, 2005
Halo (the movie)
Well, it appears we're going to spend some cash on this flick. We've hired Peter Jackson to produce 'Halo'. You may recall him from the Lord of the Rings trilogy and King Kong (coming soon). Look for it in summer 2007. It just might be good--certainly better than "Doom". :)
Link: http://www.msnbc.msn.com/id/9599563/
Monday, September 26, 2005
Palm + Windows Mobile 5.0
Who'd a thunk it? Palm software is running on Windows Mobile 5.0. As announced today, this new collaboration between Microsoft and Palm will create an incredible new offering for the Treo. It will be available in '06 on Verizon Wireless' broadband network. You will love this Smartphone.
Way to go Windows Mobile!
Link: http://www.microsoft.com/presspass/press/2005/sep05/09-26MobilityPR.mspx
Wednesday, September 14, 2005
The Down-Payment's on Black
As I fly off to Vegas for the weekend, my impending real-estate transaction hangs in the balance. Christie and I are buying our first home in Bothell, WA (see how cute it is). We're past the inspection now, but still waiting for the response from the seller on the inspection monies. "Just do it! Your house isn't in mint condition, as you would like to believe, and those damn steps you built for the front porch are not to code--and they're ugly. We have to rip them out"
This is one of the many, many items that we uncovered. Any homeowner would not be surprised, but this is going to be a lot of work!! Still it's a great house and a great investment. But for now... on to Vegas!
Adam, my buddy from college, is getting hitched to Jenny, another good friend from the collegiate days. Adam the dentist marries Jenny the nurse. Sounds just picture perfect, don't it?
Anywho, they're providing me with this nice little Vegas get-away at the MGM--and when I say providing I do not mean paying. But that's cool, because on Saturday they are providing free food and a full bar! Yes sir. This will in fact be a drunken nightmare.
If you happen to be in Sin City, meet me at the MGM pooldeck. I'll be the skinny geek with white legs.
Oh, and if you have a chance, you MUST check out the PDC '05 key-note. We're showing off some kick-ass technologies. Some of these I haven't seen myself. The Vista demos are incredible, and O12 is gonna make you pee a little--so make sure you've got the Sneaky Leaker handy.
Cheers.
Monday, September 05, 2005
Comcast On-Demand is a POS
I spent my Labor Day weekend on the east side of the mountains. Hot and dry are not two of the things that Washington is famous for, but Eastern Washington--home of the Washington apple--is just that.
We drove over the pass on Friday evening--a long slow mess of other people on their way to do the same thing. We arrive at Lake Chelan (a bit of a scenic route) just in time for it to get dark. Our friends had not yet arrived at the campground, but the friends-of-friends from Buckley, WA had been there for quite some time. You may remember Buckley from Black Sheep (David Spade and Chris Farley). Eventually we all got set up and made it an early night. It was an interesting group in all.
The next morning, Christie and I met my parents for the Ellensburg Rodeo (a solid two hours drive). Can't say that I'd ever been to a rodeo. I don't know that I will or won't go again, but if it weren't for my grandma, I'd never need to visit Ellensburg again.
At the end of the day we drove across Blewit Pass (again) and rejoined the odd mix of folks at the campground. This time I was prepared with the JD. My friend James and I polished off the better part of the fifth after a few beers and we got a little loud. Christie found herself some Absolut Mandarin and did herself in too--in fact she was hurting so bad, she didn't drink any wine on the wine-tasting tour.
Dragging my ass out of bed early the next morning I managed to scrape myself together to have a round at Bear Mountain Ranch Golf Course. It was a sweet course that reminded me a lot of my trip to Arizona: sweeping views, desert, and poorly played golf. Of course that last feature is one that follows me to every course. I did hit my par however, so I went home happy (I parred one hole, no I'm not a scratch golfer).
We took the boat out on the lake when we got back and got in some swimming and water skiing. We had a hell of a feast for dinner (Christie is a kick-ass cook), and then we played this crappy 20-Questions rip-off game. I think I was the only party-pooper who wasn't into it, but I was tired. In fact I went to bed a bit early and felt like a $100 today.
We packed up and pulled out early. On the way back we hit Rusty's in Cashmere, WA--the home of the Aplet and Cotlet (if you don't know what the hell I'm talking about, you're better off for it). Putting down a double cheeseburger with special sauce and onion rings was a questionable decision at 10:30AM, but we weren't all that rational after a long weekend.
We cleaned up and relaxed around the house, made some pizza, and settled in with a movie. All I have to say is "God damn the Comcast On-Demand bullshit". At the very end of the movie the POS dies and gives me error CM-20, followed by error 14. I tried several times to get it back, including restarting and fast-forwarding the movie back to the same place, which again died promptly.
Now I am left with an incredibly sour taste in my mouth after a good three-day-weekend. That pisses me right off. At least it's a short week.
Tuesday, August 30, 2005
WS-AttackMePlease
So, you've rolled out your shiny new Web service. You've added all the security wizz-bangs you can think of: a little managed code with CAS, Kerberos, some SSL, a bit of encryption and signing, and a few of your favorite WS-* specs. You've been a good citizen and registered with your friendly UDDI server so all the businesses of the world can discover your services and transact business, and you've carefully crafted your WSDL with strong XML schemas.
Whew! It was a lot of work, but boy is the interoperability, service-orientation, and security worth it! Well, unbeknownst to you, along with all this great stuff, you may have implemented WS-AttackMePlease--a little known standard designed to automate hacking of your service.
This is what happens when you rely on magic pixie dust to secure your enterprise. The sweeter the stack the more layers of attack. If you haven't heard of X-* attacks on Web services, you should do a search for XML-Injection, XPath-Injection, and XQuery-Injection (and any other X-* you can think of: e.g. http://palisade.paladion.net/issues/2005Jul/xpath-injection/).
These new attacks are really just variants of your long-time favorites: SQL-Injection, DOS, and XSS. As more and more developers turn to SQLXML and XQuery these problems will only multiply.
There are many specific attacks that are certainly unique to these kinds of environments, however it all boils down to a failure to heed Howard's Rule from WSC2: All Input is Evil! This is just a friendly reminder to sanitize your input! Whether it looks like SQL: ' or 1=1 -- or XPath: abc' or 1=1 or 'a'='b you still got 0wn3d.
BTW: You may need to crack the stack to get full protection. It depends on what the server's worth to you. Fortunately, IHttpHandler is easy to override and forward. You did the right thing by adopting Web services. Now do the right thing and do your threat analysis.
Happy defensing.
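An added example, not code from the original post: the same lookup over a user document written two ways, first by splicing input into the XPath text, then by comparing the input as data with LINQ to XML. The XML document, element names, and method names are constructed for illustration; the payload is the XPath string quoted above. With that payload the concatenated query's predicate is always true and matches every user, while the data comparison matches none.

```csharp
using System;
using System.Linq;
using System.Xml.Linq;
using System.Xml.XPath;

static class XPathInjectionDemo
{
    // Constructed sample data (assumption, not from the post).
    const string UsersXml = @"<users>
  <user><name>alice</name><password>s3cret</password></user>
  <user><name>bob</name><password>hunter2</password></user>
</users>";

    // Vulnerable: untrusted input becomes part of the XPath expression itself,
    // so a quote in the input ends the string literal and adds new operators.
    static int CountMatchesConcatenated(XDocument doc, string name, string password)
    {
        string xpath = "//user[name='" + name + "' and password='" + password + "']";
        return doc.XPathSelectElements(xpath).Count();
    }

    // Hardened: the query shape is fixed in code and the input is only ever
    // compared as a string value, never parsed as XPath.
    static int CountMatchesAsData(XDocument doc, string name, string password)
    {
        return doc.Descendants("user").Count(u =>
            (string)u.Element("name") == name &&
            (string)u.Element("password") == password);
    }

    static void Main()
    {
        XDocument doc = XDocument.Parse(UsersXml);
        string payload = "abc' or 1=1 or 'a'='b"; // XPath input quoted in the post

        // Legitimate credentials behave the same in both versions.
        Console.WriteLine("concat, valid login:   " + CountMatchesConcatenated(doc, "alice", "s3cret"));
        Console.WriteLine("as data, valid login:  " + CountMatchesAsData(doc, "alice", "s3cret"));

        // Hostile name with a wrong password: the two versions diverge.
        Console.WriteLine("concat, hostile name:  " + CountMatchesConcatenated(doc, payload, "x"));
        Console.WriteLine("as data, hostile name: " + CountMatchesAsData(doc, payload, "x"));
    }
}
```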
Thursday, August 25, 2005
Welcome, Mr. Knutson
Today I welcome Jeff to Seattle! He's coming to check out my homeland. I figure we'll get some good Red Hook Brewery action, the Space Needle, Microsoft, and--of course--some Xbox. Too bad there's not enough time for golf. We'll have to fix that next time!
Link: http://jeffknutson.blogspot.com