Martin @ Blog

software development and life.


Archive for May, 2005

Apple Tiger

Yesterday I finally installed Tiger on my Mac Mini. There are not many changes in comparisation to Panther, apart from some new RSS functionality and ofcourse Dashbodrd. Dashboard is pretty nice, and should be available for other OS’ses, because nobody uses calculators, sticky notes etc on their computers, because when they are on the desktop, the other windows cover these applications and when they are always on top, they are always at the wrong place. With Dashboard solves this problem in a very nice way.

I just saw a link to a nice site containing samples of what can achieved with Quartz Composer. While I had never heard of this application, which is part of Xcode2 as it seems, one can create rather nice things with it. All screensavers for MacOS X seems to be created using Quartz Composer.This site is the one I’m talking about. Unfortunately, I’m afraid that the movies doesn’t work on systems without Quicktime, and maybe even not on non-Apple systems. A nice tutorial for Quartz Composer can be found here.

Discussion about Planet Gnome look

Since a few days Planet Gnome features a new look which is created (as far as I know) by Seth Nickell. As with almost every design change on a relatively big site, there are a lot of critics on the new look. I personally think the new Planet Gnome look is an improvement and the hackergotchi (or how they call the heads without body) on the side looks very nice, while in the previous layout it looked like the heads belong to the actual blog entry text.
Havoc Pennington pointed to a post of Pete Zaitcev (I don’t know who he is or what he does) which says that the only reason why online magazines doesn’t use the entire with of the site for text is that they otherwise don’t have space for advertisements. Pete’s own weblog actually does use the entire with of the browser for text, which instantly proves why his statement is false. While I’m not a graphical designer or something, I surely know that the optimal width of a text is when there are about 12 words on a single line. When the line is wider, the human eye easily lost the correct line when starting at a new line and therefore it is more difficult to read a very wide text. This is already the case on the weblog of Pete on my browser, which isn’t even full screen.

Linux security

For a course which I am currently following at the university, we got the exercise to try some exploit methods on Linux. While I did not have much knowledge about such stuff, I get more fun trying to breach security measures. A few weeks ago we had to find websites which were vurnerable for SQL-iinjections, which was rather easy. Last week we got the exercise to exploit races in setuid programs in order to overwrite a file for which the user has no permission to overwrite it. To my surprise this was rather easy (ofcourse we had a simple program to exploit, which make things a lot easier).
Today I decided to look into buffer overflow exploits. While this was actually an exercise a few weeks ago, I didn’t have time then to look into it thouroughly. There are some very interesting papers on this subject available on the internet (I don’t link them here, because finding the website for the course is also an exercise for new students).
I tried some examples which were described in the various articles on my server (because my desktop runs currently MacOS X). To my surprise most of the stuff didn’t work. At first I thought I was doing things incorrectly, but further investigation proved that it was caused by the OS. I knew that at least FC3 has improved security in comparisation with other distro’s, but also FC2 has some enhancements. It contains kernel patches which provides a non-executable stack… this make exploiting a buffer overflow a lot harder, but (as far as I know) not impossible. I also think that I have found a tool in MacOS X which has a security issue, but I’m not sure if it is exploitable.. a nice exercise.

The Tiger is coming!

I just received an e-mail of Apple telling me that my update for MacOS X Tiger has been sent. I will receive it in two work days from know, so is the e-mail telling me.
I think Steve Jobs just came at his office and saw my request lying there (which has been sent to Apple 2,5 weeks ago) and thought: “Hm.. his now waiting long enough.. I’ll send him an e-mail and put his package on the mail.”
I only received yesterday a note that Apple has received my request. I bought my Mac Mini two days after the release of Tiger, but unfortunately, it wasn’t included in the box. I had to fill out a form on the internet, but my serial number of the Mini wasn’t registered or something like that, and the only way to get Tiger was by sending a form with the regular post…

Computer security

Today I received another e-mail from the internet provider which I use to get internet access at my parents house. In the e-mail there was a piece of text about a recent virus outbreak of the virus Sober.Q (or something like that). The virus circumvents various security programs such as virus scanners and firewalls (according to the text in the e-mail, the Windows XP firewall among others). The virus causes a lot of spam in the German language, which slipped through most spam filters (not my spamfilter as it seems, because I hardly got any of such e-mail spam messages).
While (again) reading such stuff I wonder why people still keep using Windows. Since at least 2 to 3 years I hardly use Windows and certainly doesn’t read e-mail or install software which possibly could contain virusses. Therefore I hardly think about viruses or other malware while installing software or reading e-mail. I think this makes (computer)life rather easy and less stressfull. Since a few weeks I have also an Apple Mac Mini, which also doesn’t suffer from virus threats or things like that, but the usability is comparable to that of Windows (at least for non-computer wizards). Computer magazines and websites suggest that people should care about virusses and malware while using their computer and thus assume that everybody uses Windows. They suggest virusscanners (which costs money), firewalls (which until recently costs money, because since SP2 it is a standard component of Windows XP) and other tools to keep their computer safe from problematic software.
Why don’t they suggest to look into other operating systems? That whould make life for computer uses so much easier, because one doesn’t have to think about virusses at all which implies that one can also not forget to think about it.

Most of the time, when you say such things, they come with the argument that when people massively start using MacOS X (for example) virusses will also come to that platform. This is, however, a point which is incorrect, because the security model from MacOS X (and most Unices, except Lindows amongs other distros) is better than Windows. Windows still let the user works as administrator, while most Linux distros and MacOS X let people by default work with a ristricted user account. Therefore virusses cannot install them self systemwide. I don’t understand why this isn’t the default on Windows XP, because in my opinion this would solve a big number of problems. The only consequence is that people have to type a password when installing a program. You only have to let them understand that they must not provide that password when they don’t expect it to give (which is probably a difficult task). And ofcourse Windows shouldn’t give the administrator account an empty password – which is the default in Windows XP Home edition…

Microsoft speech

This afternoon a Microsoft employee from the Dutch division of the company came to the university to speech about Microsofts vision on open source and open standards. Because open source and Microsoft is an interesting combination, I decided to give it a try. To my surprise I must say the person from Microsoft (Raul Pesch) was rather relastic. He admits that Microsoft does not have the intention to become an open source company, and that this doesn’t give users the freedom which open source software give their users. The main reason why MS stick to their closed source software business model is, at least according to Pesch), the fact that MS doesn’t have a support department.
Of course there was also the usual FUD from the company. Pesch brought up an example about a list made by the Dutch government, which described open standards which should be used by the government. On that list was the MS .doc-format used by Word not allowed and should PDF be used insteat. When MS said that PDF isn’t an open format, but MS XML-format used by MS Office is, the government changed the entry. MS say that PDF is controlled by Adobe and hence not an open format. He forget the fact that the PDF-specifications are open and (as far as I konw) there are no patents which apply to the PDF format. The Microsoft XML format used by Office, however, isn’t documented (at least not in public available documents) and I doubt that there isn’t any MS patent which applies to this format. Another example Pesch gave was Java, which isn’t an open standard he says while .Net is (which is obviously not the case).
Also there was a lot of so-called ‘facts’ about market share, TCO and so on, but as we know, MS is very good (as every company) in manipulating such statistics. Pesch could also not resist to flame on some companies. According to Pesch, Red Hat does not provide the sources of their Red Hat Enterprise Linux product, which is not the case witnessing White Box Linux and aother products. He say that Apple took BSD and didn’t return anything. When one listener point to the OpenDarwin project, he said that this was only the ‘infrastructure’ of the OS.
I asked him about his opinion on Sun’s effort with OpenSolaris. Apart from some defaul statements such as ‘Sun is in big problems and tries to solve it this way’ and ‘Solaris is rapidly lousing market share, and Sun tries to change it with this effort’. I also asked about software patents and his opinion about that. At first he said that he would come on that topic in the second part of his speech, but when the speech ended, he quickly packed his stuff without speaking about this topic. I also asked him about Mono (and why he says .Net is open and Java is not, while both standards aren’t), open source implementations of Java and IBM, but he didn’t say anything new or interesting about that. All in all it was an amusing speech, but he didn’t say anything new (which I could expect of course).

Further career

Today I have arranged the next step of my career as a student. Because I’m currently following the last courses of the master computer science, it became time to arrange my graduation (afstuderen). The first thing I have to do is to get my course list approved by the examination comittee. I only have to complete four courses, which is doable this trimester.
To my relief the university people I have spoken today, think it will be possible to start graduating next schoolyear, which will start at 1 september this year. Then I have to work for a year at the university.

Apple software

While there is a lot software for the Mac which is also available for Linux, there are some applications which are not. For example P2P-applications. Using Linux, I mainly used dc-gui (the former name of Valknut). While this tool is available for the Mac, I couldn’t connect to the Hub I used to use (probably due to the fact that my password doesn’t work anymore) so this software was not very usable.
Then I read about XFactor, which appearantly was a very nice program, making Windows users jealous. So I gave it a try, and I must say that it work pretty good. It is open source and based on GiFT (for which I never found a good frontend for Linux (especially Gnome)). Screenshots are on the site of the project. I don’t post one here because it looks the same as the screenshots on the site of the project.

New Computer

Last week I bought a new computer. Since I wanted something new, I decided to buy a Apple Mac Mini. I didn’t have any experience with Apple computers. The main reason for buying a Mac Mini was its size and the ability to run MacOS X and Linux. Thus far, I’ve only used MacOS X on the system, and I must say that it is a very nice operating system. The usability is very good in general, but in some cases there are some minor issues.
In comparisation with Gnome or KDE (with which I don’t have a lot recent experience) there are some things better in MacOS X, but other things are worse. For example the default terminal applications provided with OS X is worse than for example Gnome-terminal. The same holds for the default texteditor (I use gedit a lot on Gnome, and I think it is a very nice editor, I didn’t yet find something like gedit for MacOS X). At the moment I use MacOS X as primary OS, but I don’t exclude the posibility that I will switch to Linux in the future. MacOS X isn’t open source, which is a major drawback in my opinion.

Edit: I forgot another problem with MacOS X: It doesn’t support Ogg Vorbis by default. I cannot imagine one valid reason to not support this open and free audio format, so why isn’t it included in Quicktime and iTunes (especially in the lather it would be a very nice feature in my opinion).

New weblog (temporarly)

It took a while, but finally the server on which my weblog was hosted, decided to crash. The hard disk died, resulting in the loss of most of my weblogentries. I’m not very happy about that, but of course it is my own fault.
As a result, I decided to grab the latest version of WordPress and use this as a temporary resort, because I’m still working on my own weblog system. Unfortunately, it is not ready and while working on it last weekend, I broke most of it. I’m not sure creating a new system is the best way to go, but I want a custom look, and the templating system of wordpress is not very clear to me. I also looked at Typo which is written in Ruby using Ruby on Rails. This framework seems rather nice, but unfortunately I can’t get it working on my system.

All in all, everything is pretty meshed up with my weblog and I’m not happy with it.

You are currently browsing the Martin @ Blog blog archives for May, 2005.