Latest Entries »

My blog has moved

I’m over here now. Thanks to Ron of Skull Security for hosting. Beware of zombies.

Advertisements

Hey guys! With my last paycheck I decided I needed a little bit more hard drive space.. or a big bit. I took the jump to the next order of hard drive magnitude: The terrabyte.

A quick search around the internet brought me to find only one drive, Western Digital’s WD10TPVT. I’ve used Western Digital drives before, and I guess you could say “I swear by them”. If I had a preference in hard drives, which I really don’t since they’re all decent, it’d be Western Digital. I’ve never once had a drive of theirs fail on me. But that doesn’t matter, since they’re apparently the only ones with TB laptop drives.

There’s a catch, right? Of course. They haven’t managed to fit all that space onto 3 platters yet, so they had to have space for a 4th platter. That means the drive is physically bigger than most, being 12.5mm tall instead of the standard 9.5mm. The sad reality is that this won’t fit in most laptops. However, Apple’s late 2009 13″ MacBook fits it like a glove, and I have no reason to believe that it won’t fit in the 15″, 17″, and their MacBook Pro brethren.

Without further ado, here is the drive on Google shopping, starting at the modest price of $170, and information on it straight from the source.

With Diablo II’s new patch coming out, I wanted to get my foot in the door with writing a few.. lets just say, utilities. For that, I’d need me a Windows machine, because all my experience with this sort of stuff is in Windows, and lets face it, I’m not that good at Objective-C yet. So, I grabbed an old laptop, a Latitude D610, and got to work.

This machine had a bit of an issue, which after googling around appears to be not uncommon. The pointer runs away. No, seriously. It goes and hides in the corner at random. It’s very annoying. This is caused by the touch stick, the eraser mouse, the nipple in the middle of the keyboard, whatever you want to call it. For some reason after some time, which seems to be “right now” as decided by a lot of D610’s, it wears out and doesn’t have a clue where your pointing it, so it tries to guess. Obviously, it sucks at it.

A few people on forums have mentioned that the solution is to replace the keyboard. Since these computers are relatively old keyboards are cheap. I briefly considered a new one, and they’re running at $10 buy it now refurbished on eBay, free shipping. I consider that very acceptable, but there’s gotta be a way to fix this with what I have laying around.

It turns out I had the perfect tool for the job! I hate track points with a passion. I don’t like being restricted to how fast I can move my pointer, so this solution was not only fixing the issue, but also getting revenge. Following the Dell service instructions, linked below, I removed the keyboard to check out the situation. Just as I hoped, the trackpoint cable is separate from the keyboard cable, although taped together. The obvious step was obvious: scissors, execute. I put the shebang back together and it’s working just as expected, with the eraser doing nothing. Considering the laptop comes with a trackpad as well, I consider this very acceptable.

Disclaimer: This will void your warranty.. if D610’s are possibly under any form of warranty anymore. But I like voiding warranties.

Dell: Removing D610 Keyboard
Dell: Removing Center Control Cover (gives you access to keyboard screws)

Security: Windows vs UNIX

This topic has been explored from the technical standpoint far too many times for me to rehash here, so I’m taking it from the users standpoint.. of course, backed by the technology of it. This arose from a conversation at school today.

One thing I’ve always found a bit interesting is computer security. It’s a well known and accepted fact that there are more successful attacks on Windows than any other operating system. Notice my careful wording. I didn’t say Windows is less secure, and I’ll try not to subliminally hint that I think it is. Oh, there I go.

I’ve come to a conclusion, based 100% upon making up conclusions as I go: Any security system is only as strong as the weakest link, which is almost invariably the user. I believe the vast majority of attacks upon Windows are based off of a strategy not unlike social networking. I’m not sure of the precise term for it.. it’s not the “I’m stuck in Japan, please wire me 5000 euros” deal. But before we go any further, a bit of a history lesson.

Windows’ home flavours, up through Windows XP, ran programs by default as the administrator. As administrator, you have absolute dictatorship over your computer – it’ll follow the instructions in the programs you execute to the letter. If you say you want to delete your Windows folder, it’ll do it. If you say you want to make your CD-ROM drive spin a disk at 1000RPMs until it shatters in your drive.. whatever. It’s the way it had been, and the way it should be — it’s your computer, you better have control over it!

This is a very flawed idea, which is also a well accepted fact. As an administrator, every program you download from the internet to try out gets free reign over your computer. As an administrator, every ActiveX applet on a website you visit in Internet Explorer gets free reign over your computer. That’s right: on a stock Windows machine, if you visit my website and I have an ActiveX control written to do malicious things, you can kiss your computer good bye. (Disclaimer: I’m not that big of a jerk.)

Windows Vista solved this issue. You know all those really annoying (I’ll get back to this) pop ups asking if a program can have administrator rights? In Vista, you’re not an administrator by default. You’re a “user” who is allowed to escalate yourself to an administrator when needed (in most cases), which is a much better way of doing things. As you probably know about me, I don’t really like Windows. However, I’ll admit that Windows Vista was a major step forward in security. That is saying something.

Flip to the other side of the coin and we have UNIX, namely Mac OS X, but really any UNIX. On every (functioning) UNIX box, there’s a user account known as root. Basically, your computers god. UNIX users are scared dead of running anything as root, and they should be. One of the first things you learn using UNIX is that you NEVER log in as root, and only use the sudo command (execute something as root) when it’s absolutely necessary, and you know what it will do. This is essentially the same as Windows Vista’s UAC. I wont point out the fact that UNIX had it 30 years earlier. Oops.

Now, we’ve come to the point where the two operating systems are both pretty well secured. Okay, there are a few holes in both which get regularly fixed, but they’re pretty solid. What’s the difference? The difference is the user and the programs. Everyone and their mother knows how to use Windows, and does, but there are probably people who’d look at you like you should go back to Area 51 if you say you use UNIX. My point is, non-technical users use Windows. They don’t understand the risks of using unsafe software. If a program, malicious or otherwise, says that it conflicts with their antivirus or firewall, they won’t think twice about doing so. For the benefit of the doubt, they probably actually do conflict with the antivirus, but if you’re on a cruise ship and someone says that the big metal thing is blocking their view, do you cut a hole in the hull so they can see the fish better?

The other issue is not as much the users fault, and that’s old program compatibility. Let’s face it, there are people out there who use their computers for nothing more than running Quicken ’97 and buying stuff online from Amazon. Older programs, from before the change in Vista, generally stored their configuration in Program Files, not in the users AppData directory, and they require administrator access to work properly. Okay, that’s fine. I bet Quicken doesn’t have malicious code in it. But Joe or Jane User gets used to clicking “Okay” every time and when they accidentally visit amazin.com (Disclaimer: I don’t know what’s there) and click “Okay”, they take their fate into their hands out of force of habit. I hope that over time as obsolete software gets more obsoleted, this issue will clear up, although general user incompetency will be an issue until nuclear winter.

My opinion (quick, find a grain of salt): UNIX is more secure not only because it was done right the first time, but ultimately because it’s users are more educated in the dangers of malicious code.

I enjoy using Minefield (Firefox alpha) and watching the progress, but downloading the nightly build DMG and replacing the app every day is a pain, and therefore I only update when I get bored or something gets wrong. I decided to get into the true spirit of nightly builds and write a script to automatically update Minefield.

echo "Mounting Minefield DMG.."
hdid -quiet http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/latest-trunk/firefox-3.7a4pre.en-US.mac.dmg
echo "Removing old Minefield.."
rm -rf /Applications/Minefield.app
echo "Installing new Minefield. This could take a while.."
cp -r /Volumes/Minefield/Minefield.app /Applications
echo "Unmounting Minefield DMG.."
hdiutil detach /Volumes/Minefield -force
echo "Done."

Running that gives you pretty output.

[20:11:02] [william@enterprise ~/Documents/Programming/bash]$ ./updateff.sh
Mounting Minefield DMG..
Removing old Minefield..
Installing new Minefield. This could take a while..
Unmounting Minefield DMG..
"disk1" unmounted.
"disk1" ejected.
Done.

Linux users should be able to convert this to use the tarball pretty easily, but Windows users are up a creek without a paddle. Of course, they’d still be there even without Minefield. To those with a decent OS, enjoy!

EDIT Updated on 03/18/2010 to point to Firefox 3.7a4, instead of 3.7a3.

I’ll admit, I’m a World of Warcraft player. I’ll also admit, I don’t have time to farm. You see where this is going. I was a WoW Glider user until the American justice system gave in to nicely dressed and well paid lawyers (who didn’t see that coming) and Michael Donnelly was held personally responsible for $6,500,000 of damages his project apparently caused Blizzard. But that’s not what I’m blogging about — I’m blogging about Pocket Gnome, a neat little bot for OS X.

But this is a blog about technology, not gaming, isn’t it? Right! Blizzard (the company that made WoW), like many other gaming companies, employs an anti-cheat engine to keep the game fair. Everyone does it their own way, and Blizzard’s personal brand is called Warden. Warden runs in the background whenever a WoW player is online. I’m not up to date with the technical aspects of how it works, but at least in their other games, it involves checking the values at memory locations that have cheat code “injected” into them — in English, where it’s modified to act differently. A famous hack for their WarCraft and StarCraft RTS games is the maphack, which causes other players bases to appear through the “fog of war” and in unexplored areas, giving an obvious unfair advantage to the player using it. By checking the memory locations involved in map display for modifications, poorly written maphacks are easily detected by Warden, who phones home to Blizzard to rat you out, and then they’ll do what they want with you — generally ban your CD-Key from ladder play.

Notice, though, that I said poorly written hacks. WoW Glider was a different breed — it was undetectable by Warden for a very long time. It did this by running World of WarCraft as an unprivileged user and running the bot itself as an administrator. Doing this made WoW metaphorically blind — Glider was there, but WoW had no idea. Another detection mechanism is seeing if keyboard and mouse activity comes from a physical device or from a program. Glider defeated this by loading a device driver, known as “Shadow”, emulating a keyboard and mouse so it would appear that Glider was a physical device as far as WoW was concerned. There was a few years of cat and mouse between the two companies, and eventually WoW followed the American way: when in doubt, legal action. I guess we figured out what they do with people’s subscription money, didn’t we?

Back to Pocket Gnome, though. It’s an interesting product because where Glider’s innards were a major secret, Pocket Gnome is actually open source. This allows many benefits that I won’t go into detail about here (but if you’re interested, check out GNU). The reason that they don’t have to be secretive of the inner workings is because of the system it runs on. Pocket Gnome only runs on Mac OS X Leopard or Snow Leopard. To quote their website: Pocket Gnome does not and will never run on Windows. Why? Because Mac users are elitist jerks? No. The entire reason for it’s security is in OS X itself. Because software runs as an unprivileged user by default in UNIX (yes, OS X is UNIX), WoW is blind from point A, and it’s not suspicious at all that WoW can see nothing. Even if Pocket Gnome were run as an unprivileged user WoW couldn’t see it, but it also couldn’t see WoW, so it has to run as an administrator. You remember when you were 16 and hated your parents and had this helpless feeling, like there was nothing you could do no matter how hard you tried? That’s World of WarCraft without admin privileges. Detect this, Warden!

Unfortunately that leaves Blizzard with only two choices: ignore Pocket Gnome, which they seem to be doing for now, or have them shut down, which I hope isn’t the course they’re going to take. But even to non-gamers, the technology behind the situation is interesting. The security that Windows users have longed for is built right into each and every Mac.. until you install Windows.

Fun with CoreLocation

The other day I was just getting into using CoreLocation on iPhone OS, and I found a great tutorial involving making a driver class to add a level of abstraction between CLLocationManager and your code. CLLocationManager is kind of complex to a first time user, and my class simplifies it a bit. You simply implement the protocol with two callbacks (location updated, error reporting), set your interface as a delegate for my driver, and let the events start flowing. N.B: Requires your app to reference the CoreLocation framework.

WLLocationDriver.h:

//
//  WLLocationDriver.h
//
//  Created by William LaFrance on 2/23/10.
//  Public Domain
//

/**
 * Protocol for any interface being used as a delegate to WLLocationDriver.
 * This greatly simplifies using a CLLocationManager.
 */
@protocol WLLocationDriverDelegate
    @required
    - (void)locationUpdate:(CLLocation *)location;
    - (void)locationError:(NSError *)error;
@end

/**
 * A simple location driver. Excecutes two simple events: one for location
 * changes, and one for errors.
 *
 * Usage:
    locationDriver = [[WLLocationDriver alloc] init];
    locationDriver.delegate = self;
 */
@interface WLLocationDriver : NSObject  {
    CLLocationManager *locationManager;
    id delegate;
}

/**
 * The CLLocationManager we're getting events from
 */
@property (nonatomic, retain) CLLocationManager *locationManager;

/**
 * The delegate we're sending our own events to
 */
@property (nonatomic, assign) id delegate;

/**
 * Called by the location manager every time a location update occurs (ie, a new
 * GPS fix).
 */
- (void)locationManager:(CLLocationManager *)manager
        didUpdateToLocation:(CLLocation *)newLocation
        fromLocation:(CLLocation *)oldLocation;

/**
 * Called by the location manager every time a location update error occurs,
 * such as not being able to get a GPS fix.
 */
- (void)locationManager:(CLLocationManager *)manager
        didFailWithError:(NSError *)error;

/**
 * Easy access to the devices current location
 */
- (CLLocation *)getCurrentLocation;

@end

WLLocationDriver.m:

//
//  WLLocationDriver.m
//
//  Created by William LaFrance on 2/23/10.
//  Public Domain
//

#import "WLLocationDriver.h"

/**
 * A simple location driver. Excecutes two simple events: one for location
 * changes, and one for errors.
 *
 * Usage:
    locationDriver = [[WLLocationDriver alloc] init];
    locationDriver.delegate = self;
 */
@implementation WLLocationDriver

@synthesize locationManager;
@synthesize delegate;

/**
 * Initializes the location driver, constructs the location manager, and begins
 * to get event updates.
 */
- (id) init {
    self = [super init];

    if (self != nil) {
        self.locationManager = [[[CLLocationManager alloc] init] autorelease];
        self.locationManager.delegate = self;
        [self.locationManager startUpdatingLocation];
    }

    return self;
}

/**
 * Called by the location manager every time a location update occurs (ie, a new
 * GPS fix).
 */
- (void)locationManager:(CLLocationManager *)manager
        didUpdateToLocation:(CLLocation *)newLocation
        fromLocation:(CLLocation *)oldLocation
{
    if (delegate != nil)
        [self.delegate locationUpdate:newLocation];
    else
        NSLog(@"%@", @"Failed to report location -- missing delegate.");
}

/**
 * Called by the location manager every time a location update error occurs,
 * such as not being able to get a GPS fix.
 */
- (void)locationManager:(CLLocationManager *)manager
        didFailWithError:(NSError *)error
{
    if (delegate != nil)
        [self.delegate locationError:error];
    else
        NSLog(@"%@", @"Failed to report error -- missing delegate.");
}

/**
 * Easy access to the devices current location
 */
- (CLLocation *)getCurrentLocation {
    return [locationManager location];
}

/**
 * Clean up the mess we made
 */
- (void)dealloc {
    [self.locationManager release];
    [super dealloc];
}

@end

To use this, create a new iPhone app, add a WLLocationDriver to your classes interface, and stick these methods in your app delegate.

- (void)viewDidLoad {
    [super viewDidLoad];

    locationDriver = [[WLLocationDriver alloc] init];
    locationDriver.delegate = self;
}

- (void)locationUpdate:(CLLocation *)location {
    NSLog(@"%@", [location description]);
}

- (void)locationError:(NSError *)error {
    NSLog(@"%@", [error description]);
}

Enjoy!

I recently started playing with Core Location programming on my iPod Touch (which is way cool, by the way — GPS location via Wifi), and wanted to plot my location on a map using MapKit. Centering on your position is easy.. just construct a MKMapView object and call it’s setCenterCoordinate method every time the location driver tells me I’m at a new location.

However, when it came to adding a pin (called a map annotation) on your exact coordinates was more difficult. The addAnnotation method requires an <MKAnnotation> to be passed to it, which is not an object but a protocol. In my hour long search, I couldn’t find a bare bones implementation of that protocol anywhere in MapKit, so I decided to reinvent the wheel. Hopefully Google catches this before any other developers have to do the same. I present to you, WLSimpleMapAnnotation! N.B.: Requires your project to reference the MapKit framework.

WLSimpleMapAnnotation.h:

//
//  WLSimpleMapAnnotation.h
//
//  Created by William LaFrance on 2/23/10.
//  Public Domain
//

#import <Foundation/Foundation.h>

@interface WLSimpleMapAnnotation : NSObject <MKAnnotation< {
    CLLocationCoordinate2D _coordinate;
    NSString * _title;
    NSString * _subtitle;
}

+ (id) initWithCoordinate:(CLLocationCoordinate2D)coordinate;
+ (id) initWithCoordinate:(CLLocationCoordinate2D)coordinate andTitle:(NSString *) title;
+ (id) initWithCoordinate:(CLLocationCoordinate2D)coordinate andTitle:(NSString *) title andSubtitle:(NSString *)subtitle;

- (NSString *)title;
- (NSString *)subtitle;

@end

WLSimpleMapAnnotation.m:

//
//  WLSimpleMapAnnotation.m
//
//  Created by William LaFrance on 2/23/10.
//  Public Domain
//

#import "WLSimpleMapAnnotation.h"

@implementation WLSimpleMapAnnotation

@synthesize coordinate = _coordinate;

+ (id) initWithCoordinate:(CLLocationCoordinate2D)coordinate {
    self = [super alloc];
    _coordinate = coordinate;
    return self;
}

+ (id) initWithCoordinate:(CLLocationCoordinate2D)coordinate andTitle:(NSString*) title {
    self = [super alloc];
    _coordinate = coordinate;
    _title = [title retain];
    return self;
}

+ (id) initWithCoordinate:(CLLocationCoordinate2D)coordinate andTitle:(NSString*) title andSubtitle:(NSString*) subtitle {
    self = [super alloc];
    _coordinate = coordinate;
    _title = [title retain];
    _subtitle = [subtitle retain];
    return self;
}

- (NSString *)title {
    return _title;
}

- (NSString *)subtitle {
    return _subtitle;
}

-(void) dealloc {
    [_title release];
    [_subtitle release];
    [super dealloc];
}

@end

Unfortunately, this code suffers a few compiler warnings in the constructors, but otherwise works completely fine. I’ve decided to make this code public domain (do whatever you want with it, but please don’t use it to control nuclear weapons), because it’s stupidly simple, but just tedious. Enjoy!

EDIT: Fixed the header to extend <MKAnnotation>.

Hello. My name is William LaFrance. I’m an information technology student at Madison Area Technical College in Madison, Wisconsin. This blog will be rather technical, involving posts revolving around new technologies, and my adventures through current ones. Enjoy!