Sunday, August 26, 2007

Weekend Wedding

Vikki and I went to Lauren and Greg's wedding on Saturday, where I had to wear a tuxedo and walk her down the aisle. Lots of fun. Got to see Jayden. Dancing ensued. Any photos of me doing "YMCA" are completely fake.

Wow. My little sister is married. I must be getting old.

Saw The Simpsons Movie today. Now I understand what the hell Dan was singing in the office a few days ago:

Spider Pig!
Spider Pig!
Does whatever a Spider Pig does!
Can he swing from a web?
No he can't!
He's a pig!

At work I've been doing some performance profiling. It brings a certain smile to my face when I take a piece of code that ran a given function 278,000 times and reduce it to 958 calls. Or take a routine that used to take 108 seconds, and make it run in 1.4 seconds and still be functionally equivalent. Will hopefully have the performance improvements finished tomorrow.

Still feeling pretty worn down from the week, and didn't really get a chance to recuperate over the weekend like I normally do.

Wednesday, August 22, 2007


So for the last week or so I have been sitting in on these 9:00am meetings where the customer is showing us how their current processes work for deploying Microsoft SQL Server. We use WebEx, and can actually see his entire desktop projected onto our conference room wall. Normally it's just the scripts we are discussing, but sometimes it's something juicier like his email or his IM conversations.

It made me remark to Morris today that I felt like it was the part in the movie Star Trek: Generations where the bad guys had put a hidden camera into Geordi's visor, and were watching and waiting for him to walk past the display in Engineering that showed the frequency to the Enterprise's shields.

Morris later this evening was nice enough to forward the dialog to me in email:

That's it!
Replay from time index 924.
Magnify this section and enhance.
Their shields are operating on a modulation of 257.4.
Adjust our torpedo frequency to match 257.4!

Worf: They have found a way to penetrate our shields!
Riker: Lock phasers and return fire!

Exit /b 1

So I spent an hour trying to debug why pre/post scripts weren't enforcing stopping workflow execution when the user's script exited with a non-zero return value. Discovered there was nothing wrong with my software - Windows batch files are just really, really stupid.

Let's look at BASH for a second. If you wanted to exit a script, returning "1" to the caller, you would put this in your script.

exit 1

Easy enough? What does this look like in a batch file? Well that depends on how you are being called. Let's look at the naive answer

exit 1

What does this do? Well if you happened to call this batch file from another batch file, you would be surprised to find that both the called batch file and the caller have stopped execution. Using exit actually terminates all execution of both the current script and all calling batch files.

To demonstrate the silliness, here is a handy dandy chart. We're going to assume that the parent batch file just does the one command so we can look at the exit status received by the parent's parent (since the %ERRORLEVEL% of the last command executed is the return value of the script when there is not an explicit exit).

| Parent invocation method | Invocation method | Exit method | Caller parent gets exit status? | Grandparent gets exit status? | Effects? |
|---|---|---|---|---|---|
| foo.bat | bar.bat | exit 1 | no | yes | Both parent and child exit |
| foo.bat | call bar.bat | exit 1 | no | yes | Both parent and child exit |
| foo.bat | bar.bat | exit /b 1 | no | yes | Only child exits |
| foo.bat | call bar.bat | exit /b 1 | yes | yes | Only child exits |
| cmd /c foo.bat | bar.bat | exit 1 | no | yes | Both parent and child exit |
| cmd /c foo.bat | call bar.bat | exit 1 | no | yes | Both parent and child exit |
| cmd /c foo.bat | bar.bat | exit /b 1 | no | no | Only child exits |
| cmd /c foo.bat | call bar.bat | exit /b 1 | yes | no | Only child exits |


This gets really nasty when you're writing a script and don't know how you're going to get invoked. A good rule of thumb would be to always do "exit /b 1", but if you do that and they called you directly instead of saying "call foo.bat", then your return status gets dropped on the floor. But if you leave out the "/b", then calling "exit 1" will appear to work just fine when you test the script from the command line, but will explode when called by others since it will cause their scripts to cease execution as well.

Monday, August 20, 2007

The weekend, strange dreams, and MythTV on OS X

Left work a bit early on Friday so I could go to Greg's bachelor party in New Jersey. Dinner at Pete and Elda's in Neptune, and ended up at a bar in Belmar (the place that used to be Pat's Tavern). Hung out with Kyle on Saturday and then caught the train to Philly from New Brunswick. Helped Vikki study for her comprehensive exams on Sunday.

Despite leaving early on Friday and not working at all on Saturday, I clocked 62 hours at work last week (8+15+12+12+8+7). Things are starting to look under control with my project but there's still a long way to go.

I had this dream last night that I was at the Musée d'Orsay in Paris trying to find the original version of Monet's The Bridge at Argenteuil, of which I have a copy in my living room. It's weird though, because it wasn't really a dream so much as a reliving of an experience I had in real life. Later in the morning I woke up from a dream where I was giving a talk to an audience about installing SQL Server using Clarity. Also weird.

A few months ago I went through the agonizing process of trying to get MythTV installed on OS X. I was having a problem relating to symlinks that none of the other MythTV/OSX developers were having (despite me having a brand new OS install on my laptop). I spent a few weekends working on it in various coffee shops in Philadelphia and never figured out what it was and eventually gave up.

This morning I was vindicated. One of the guys who did a bunch of the work to get MythTV running on OSX ran into the same problem and reported it to the mailing list:

I'm not crazy after all (or at least this issue does not indicate such)...

Thursday, August 16, 2007


Home from work tonight before 10pm for the first time this week. Doing some laundry, reading the Onion. Drinking sprite. Doing dishes. Trying to clean up the mess of an apartment that has just been getting worse all week. What I might call a relaxing evening for once.

So tired. Exhausted. Have another 9am meeting tomorrow.

Somebody on my floor is smoking pot. A lot of it. Walking from the hallway to the laundry room makes me feel like I'm in Eric's apartment.

Made some good progress at work today. Sort of. I fixed some pretty serious bugs, but didn't make any real forward progress for the deliverable today like I planned.

Ok, so this was a pretty boring entry. Sorry for wasting your time.

Wednesday, August 15, 2007

Verizon vs. the Needham Fire Department

A funny tale about PR denial:

In the first comment somebody wrote in response:

Submitted by Anonymous (not verified) on Tue, 08/14/2007 - 8:45am.

"Deputy Fire Chief DeIulio has no ax to grind"

Maybe he's a Verizon customer.

Sunday, August 12, 2007

The weekend

Went to a wedding yesterday with Vikki at the church in Villanova University. She has photographic evidence of me "dancing" at the reception afterwards, but I will assert that it was all done with mirrors and lighting tricks. Was nice to meet some of her fellow Psychology doctoral students.

Left from Philly first thing this morning and spent the entire day at the office trying to get some code working. It's going to be a long week.

Why Perl can be better than shell even for simple things

So Ben (formerly referred to as "the IT Guy") was talking about how in some cases a Bash script can be better than a Perl script. And he cited a specific example:

find /backup -mtime +7 -exec rm -f {} \;

Here's the rub... Try running the command against a directory with 25,000 files that need to be removed. It will take **hours** because of the continuous forking and spawning of /bin/rm.

Rewrite that with a Perl one-liner, and the same command will take **seconds**

perl -e 'use File::Find; find(sub{$a = lstat($_) && int(-M _) > 7 && unlink $_}, "/backup");'

One line. About as obscure as the previous approach. Sure that took me thirty seconds to write instead of ten, but on a big directory I'll be done long before the guy with the bash script.

In the interest of full disclosure, I really just stole the above example from perldoc File::Find, but I could have just as easily written it myself in a couple of minutes
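The fork-per-file cost described above can be measured directly. The following is an added example, not code from the original post: it counts how many `rm` processes `find` spawns for the post's `-exec rm -f {} \;` form and, going one step beyond the post's comparison, for the POSIX batching form `-exec rm -f {} +`. The temp directory, the file names and the logging shim named `rm` are constructed for the demonstration.

```shell
#!/bin/sh
# count_rm_spawns MODE N
#   MODE=each  -> find ... -exec rm -f {} \;   (the command from the post)
#   MODE=batch -> find ... -exec rm -f {} +    (POSIX form, many paths per rm)
# Prints "<rm processes spawned> <files left behind>".
count_rm_spawns() {
    mode=$1
    n=$2
    work=$(mktemp -d) || return 1
    real_rm=$(command -v rm)
    mkdir "$work/bin" "$work/backup"

    # Shim named "rm": logs one line per invocation, then runs the real rm.
    cat > "$work/bin/rm" <<EOF
#!/bin/sh
echo spawn >> "$work/spawns"
exec "$real_rm" "\$@"
EOF
    chmod +x "$work/bin/rm"
    : > "$work/spawns"

    # N constructed files with an mtime in the year 2000 (older than 7 days),
    # plus one fresh file that the -mtime +7 test must leave alone.
    i=0
    while [ "$i" -lt "$n" ]; do
        touch -t 200001010000 "$work/backup/old$i"
        i=$((i + 1))
    done
    touch "$work/backup/fresh"

    # find resolves "rm" through PATH, so the shim is what gets executed.
    case $mode in
        each)  PATH="$work/bin:$PATH" find "$work/backup" -mtime +7 -exec rm -f {} \; ;;
        batch) PATH="$work/bin:$PATH" find "$work/backup" -mtime +7 -exec rm -f {} + ;;
        *)     "$real_rm" -rf "$work"; return 2 ;;
    esac

    spawns=$(wc -l < "$work/spawns" | tr -d ' ')
    left=$(find "$work/backup" -type f | wc -l | tr -d ' ')
    "$real_rm" -rf "$work"
    echo "$spawns $left"
}
```

Calling `count_rm_spawns each 1000` and then `count_rm_spawns batch 1000` shows the spawn count growing with the number of files in the first form and staying flat in the second.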

Jae gets elected for Eclipse Committer status

Jae has been doing some great work on the Dynamic Languages project for Eclipse getting support implemented for the DBGP Debugger protocol under Perl.

He has been granted committer status for the main repository, which is a big deal:

Congratulations Jae!

For those interested, his journeys into getting it to work are described in his perlipse blog:

Wednesday, August 8, 2007

Don't buy Compuware DevPartner BoundsChecker

So our IT guy has been going back and forth with Compuware for a few weeks now. I bought BoundsChecker so that I could find obscure memory corruption in our product. It's pretty good at that. What completely sucks though is their support, their licensing, and their sales people.

Most recently, because it takes such a long time to run our product under BoundsChecker (not surprising given the relative complexity), I had my boss buy a hefty multiprocessor server specifically for the task. But since it's a server it puts out a lot of heat and noise, so it's probably not the best idea to put it by my desk, but rather to rack mount it in the computer room. So far, so good. Get everything installed, only to find out that DevPartner specifically rigged up their licensing to prevent running the product over Terminal Server sessions. Now I'm not trying to have multiple users on the system - I just need to get remote access to the server because of the physical distance.

Well, let's just say Compuware sucks. They are insisting that I purchase a concurrent user license at three times the cost (over four thousand dollars), just for the luxury of not having to sit at the physical console. Even when I explained the situation that I intended to still only have a single user making use of the product, they basically told me to forget it.

Caveat emptor.

It's extremely tempting to just open the damn thing under SoftIce, trap on the call to GetSystemMetrics(SM_REMOTESESSION) and remove the check. Yes, I can see the irony in using SoftIce (a product of Numega, now part of Compuware) to remove the brain damaged license check in their own product.

Oh yeah, it looks like they canned all the developers working on DevPartner. I wouldn't expect to see much new innovation there...

Compuware Numega Lab Is No More

Sunday, August 5, 2007

Stuck in the airport in the middle of the night....

My 11:59pm flight just turned into a 1:30am flight. Ugh. I'm tired, cranky, and have a headache. I have to drink coffee to fix the headache and stay awake so I don't miss my flight, but this means I can't go to sleep. Ick.

At least the Las Vegas airport has free wireless Internet access (not that it works very well with my Mac)....


I broke even for the weekend in my gambling.

The hotel gave me a $25.00 promotional chip, with which I played one hand of blackjack. The deal was really a best case scenario short of hitting blackjack. I had 10/K and the dealer had 2/4. But he got up to 21 and I lost the chip.

Such is life.


Since the beginning of DefCon, there has been a significant concern about people being able to make counterfeit badges. Let's face it, this is a pretty tech savvy crowd, and you don't want something that somebody could easily duplicate.

The badges have gotten more elaborate over the years. Here is this year's:

The badges have a scrolling LED display with two conductive buttons (like an iPod). The user can change the text displayed, as well as the scroll rate. It has a Freescale microcontroller and a BDM port that can be used to reprogram the device (assuming you have a BDM cable).

In the spirit of open source and the ability to hack the device, the firmware source code and gerber files for the PCB are on the DefCon CD (it can be compiled with the freely available CodeWarrior toolchain). It also has in the PCB layout unpopulated ports for accelerometers and a ZigBee 802.15 wireless interface. Very cool.

Saturday, August 4, 2007

Saturday talks I attended

A Crazy Toaster: Can Home Devices Turn Against us? - demonstration of using autodiscovery protocols such as bonjour or Universal Plug and Play to compromise workstations.

How to be a WiFi Ninja - a good introduction into antenna design and implementation

Virtualization: Enough Holes to Work Vegas - the notion that running in a VMWare session provides additional protection is bullshit.

Hacking your Access Card Reader - Good discussion into the various biometric and other access control solutions and how fatally flawed they are.

Kernel Wars - introduction into writing kernel overflows and hands-on demonstration on various operating systems

Smashing the Stack: Overflows, Counter-measures, and the Real World - good discussion into how the NX bit, canaries, and stack randomization still are vulnerable. Also discusses the state of the various solutions available on different platforms.

Hardware Hacking for Software Geeks - this was my favorite talk - they went into the various reverse engineering techniques focusing on routers under the OpenWRT project. JTAG, BDM, flash ripping, IDA Pro. Lots of cool stuff.

I'm at the TCP/IP drinking game now, and then will head over to Hacker Jeopardy.

Undercover Reporter Outed, Flees DefCon Conference

When I was at Tactical Exploitation yesterday, the Defcon staff announced that a reporter had failed to register as being with the press and had been caught using a hidden cam. The story got some press:

Undercover Reporter Outed, Flees DefCon Conference

NBC muckraker outed at Defcon

Undercover NBC Dateline reporter bolts from DEFCON 2007

I like this:

"It came to our attention that a reporter might be here with a hidden pinhole camera," Moss told the crowd, which he said left two options. One was to let her corner some 13-year-old kid and get him to admit to hacking. The other was to escort her away.

Fortunately, the article fails to mention that a large number of people responded to Dark Tangent's question by shouting, "String her up!"

Friday talks

What sort of talks does defcon have? Here are some of the talks I attended on Friday:

Q&A with Bruce Schneier - went to a really good talk given by the guy who wrote Applied Cryptography. He's kind of idolized in the hacker community. For some insights as to what he has done, check out this link:

No really, click on the link, it's hilarious.

Zfone - Philip Zimmermann - a really cool tool by the guy who invented PGP that allows you to encrypt VOIP calls with unmodified clients. So I can now do voice conferencing with iChat and feel secure that nobody is listening!

Everything you ever wanted to know about Police Procedure in 50 minutes - a talk given by a lawyer on police procedure relating to powers of arrest, Miranda, and searches. Questions from the audience were along the lines of "If I rig up my door so that if it gets kicked in then my hard drive will automatically be wiped, does that constitute destruction of evidence?"

Tactical Exploitation - a really good article that discusses the various ways to compromise networks without detection - it's the notion of the sniper rifle compared to carpet bombing. They demo'd a really awesome exploit too on Windows XP workstations. I should try that on Monday and see if I can snag Ben's credentials. Just kidding, Ben... Or am I????

The real fun starts today though.

Photos from Defcon

Here are some photos I took yesterday at DefCon

What does the conference look like?

This one isn't actually an underexposed picture. It really is that dark in there.

Here are a couple of entries from the "Robot Wars" competition. They are fully autonomous robotic gun turrets that compete at shooting at three inch circular targets at ten feet.

This is the EFF Dunking booth. All proceeds go to the Electronic Frontier Foundation

More photos later!

Friday, August 3, 2007

Room with a view

Ok, so actually the view kind of sucks. I'm on the 27th floor but not facing the strip so all I can see is the Stratosphere.

Will write more toward the end of the day.

Thursday, August 2, 2007

Packing for a hacker convention

So what does one take when going to a hacker convention?

  • 3 days worth of shorts and shirts. Shirts that say geeky things like "Obey Gravity, it's the law" and "Where is my flying car?" make friends faster than regular old nerdy clothes
  • Cash - hacker conventions don't take credit cards or personal checks, and every year I have gone they had to unplug the ATM that was in the hotel hosting the conference because it got hacked (so think twice about using the ATM at the convention)
  • Laptop - I usually do a format and install a toolchain with all the latest security fixes. Be prepared to reformat it immediately upon returning. While Defcon has been called "the world's most hostile network" and this is partly flattery, it is the sort of place where you want to think twice about having your Quicken records on your laptop.
  • Cat-5 cable. This has come in handy every time I went
  • Linux handheld - something to play with. Mine has wifi built in, which makes for some added fun.
  • Digital camera and iPod - Because you know you might want to take a picture or something. Or maybe listen to some music...
  • USB removable media - you never know what gems you might find along the way. I prefer to have a few cheap USB flash drives for simple stuff and I keep my 80GB drive in my bag in case I need it.
  • Toiletries - sounds kind of obvious, but I almost walked out the door this morning without any personal hygiene products. Smelly hackers don't make many friends at these things (despite the stereotypes)

I managed to jam it all into one backpack, which helps avoid the lines at the baggage claim and the risk of getting your bag lost.

Things you don't need to bring

  • Hand tools - although there can be some fun applications for these at a place like this, unless you check them with your baggage they're likely to get confiscated at airport security. Just ask Dan, he knows firsthand. You know, a screwdriver can be a weapon?
  • Installation media for your OS - Don't bother. If your PC gets broken so badly you have to do a clean install, you won't be able to get the security updates loaded again before you get rooted
  • Lock picks - The convention has a huge lockpicking area which is cool, but you're likely to get any you bring with you confiscated at the airport. Buy a cheap set there and mail them back to yourself at the end of the weekend.

Wednesday, August 1, 2007

Where is my old copy of Batch Files for Dummies?

So I spent the bulk of yesterday morning reminding myself how to write DOS batch files. We have a new customer who is trying to write pre/post scripts for Windows, and has never heard of using a non-zero exit code to indicate failure.

Well I haven't done any batch file programming in about a decade, so I'm a little rusty. For example, I had forgotten about this little gem:

@echo off

call runsomeprogram.bat
if errorlevel 0 goto dosomething


In this case, "errorlevel" doesn't do what you would expect it to. You would think that if errorlevel was equal to zero, then the "goto dosomething" would happen. According to Microsoft's infinite wisdom, checks for errorlevel are for "equal to or greater than". Therefore in this case if the return value was 63 it would still evaluate to true. In fact, in EVERY case the if statement would evaluate to true (DOS doesn't support negative exit codes). Doh.

The irony of course, is that I'm doing this at all. Sure I had to look up some of the nuance of the syntax, but it's not like there is some shortage of documentation on the Interweb for batch file programming. I had to write a series of examples for the customer demonstrating how to use exit codes and environment variables. Surely there has to be some better use of my time?