Archive for the ‘software’ Category
Scott Aaronson over at Shtetl-Optimized describes a project for the summer of 2009 that I find very interesting.
The web app — tentatively called “Worldview Manager” — is intended to help people ferret out hidden contradictions in their worldviews. Think of a kindly, patient teacher in a philosophy seminar who never directly accuses students of irrationality, but instead uses Socratic questioning to help them clarify their own beliefs.
The problem of hidden contradictions in people’s thought processes is a huge one. I’ve mentioned here on my own blog (and on countless others in comment threads) that the failure of the U.S. educational system to teach logic is a major hole in brain training. You see the consequences everywhere, but they are perhaps most blatantly obvious whenever you come across a discussion board or comment thread involving politics.
Training people how to think rationally is desperately needed, but this idea has some interesting implications itself in attacking the problem from the other end. The biggest weakness I can see immediately is that the exams will be difficult to structure properly (something Scott acknowledges himself in the post). In the comment thread, Gareth pointed out these two exams that follow the same idea that Scott has:
They’re somewhat simplistic, and I find myself critical of some of the assumptions (you can read the details in the comment thread of Scott’s post), but the FAQ does acknowledge some of my criticisms, and any way you slice it they’re still interesting. Take ’em and post your results in the comments here (for the record, I scored “7% tension” on the philosophy health test and “2 hits” on the God exam).
I think it would be a fun project to work on; if you’re a CS student, you should check it out.
WordPress uses the Akismet spam detector to keep spam posts off of wordpress.com-hosted blogs. Akismet is developed by the same crew that develops the WordPress software itself.
I’ve been blogging here since March 23rd, 2007. Since then, I have had exactly three comments show up in my “to be considered valid” comments queue that were likely spam (in fact, they were largely meaningless comments with a blog-linked poster name, so not exactly spam, just people trying to drum up a couple extra links)… and exactly one comment that showed up in my Akismet spam comments queue that was a real comment. There are 499 published comments on this blog at the time of this writing.
That’s a damn fine “false positive” and “false negative” rate for any spam scanner. I commend Matt and crew.
Last week Red Hat detected an intrusion on certain of its computer systems and took immediate action. While the investigation into the intrusion is on-going, our initial focus was to review and test the distribution channel we use with our customers, Red Hat Network (RHN) and its associated security measures. Based on these efforts, we remain highly confident that our systems and processes prevented the intrusion from compromising RHN or the content distributed via RHN and accordingly believe that customers who keep their systems updated using Red Hat Network are not at risk. We are issuing this alert primarily for those who may obtain Red Hat binary packages via channels other than those of official Red Hat subscribers.
In connection with the incident, the intruder was able to sign a small number of OpenSSH packages relating only to Red Hat Enterprise Linux 4 (i386 and x86_64 architectures only) and Red Hat Enterprise Linux 5 (x86_64 architecture only). As a precautionary measure, we are releasing an updated version of these packages, and have published a list of the tampered packages and how to detect them at http://www.redhat.com/security/data/openssh-blacklist.html
Man, would I love to see how package signing occurs at Red Hat. I’m going to guess that they’re doing it wrong.
Basically, someone’s managed to get a trojaned SSH package signed by the RH signing authority. Since they were (apparently) unable to get the compromised package into the Red Hat Network, all RHEL customers that use RHN for their updates should be okay.
However, if you use… say… CentOS in your enterprise, it’s probably a good idea for you to take a long hard look at your package repository. You can’t rely on “hey, signature checks out!” to verify trustworthiness.
This is one of those security announcements that is of small immediate practical impact, but worrisome in implications. How does RH sign their packages? How did this occur? How do we know it won’t occur again? I expect the answers to those questions are (a) we’re not going to tell you (b) we’re not going to tell you and (c) trust us, nothing really bad happened this time, right? Slashdot thread.
Full disclosure time, boys. Who screwed up?
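The repository check suggested above for mirrors outside RHN, as an added example that is not from the original post or from Red Hat: it matches packages against a published blacklist by file content instead of trusting the signature or the file name. The SHA-256 "digest  filename" list format, the file names and the package bytes are all constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path, chunk=1 << 16):
    """Stream the file so large packages are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def load_blacklist(text):
    """Parse 'digest  filename' lines (assumed format); skip blanks and # comments."""
    bad = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        bad[parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    return bad

def audit_repo(repo_dir, blacklist):
    """Return (relative path, blacklisted name) for every RPM whose content
    digest is listed. Matching on content catches renamed or re-hosted copies,
    which a validly signed tampered package would otherwise slip past."""
    repo = Path(repo_dir)
    hits = []
    for rpm in sorted(repo.rglob("*.rpm")):
        digest = sha256_file(rpm)
        if digest in blacklist:
            hits.append((rpm.relative_to(repo).as_posix(), blacklist[digest]))
    return hits

def demo():
    """Build a constructed two-package mirror and audit it."""
    with tempfile.TemporaryDirectory() as d:
        repo = Path(d)
        (repo / "os").mkdir()
        (repo / "updates").mkdir()
        clean = b"constructed clean package bytes"
        tampered = b"constructed tampered package bytes"
        (repo / "os" / "openssh-clean.rpm").write_bytes(clean)
        # Same bytes as the blacklisted package, stored under a different name.
        (repo / "updates" / "openssh-renamed.rpm").write_bytes(tampered)
        listing = "# constructed blacklist\n%s  openssh-tampered.rpm\n" % (
            hashlib.sha256(tampered).hexdigest())
        return audit_repo(repo, load_blacklist(listing))

if __name__ == "__main__":
    for path, listed in demo():
        print("BLACKLISTED: %s (listed as %s)" % (path, listed))
```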
Here’s an interesting blog post detailing… well, not much.
The risks mean we’ve had to be really careful who has signing privileges with the legacy key and how the key signing is handled.
The new key, in contrast, was created in a hardware cryptographic device which does not allow the unprotected key material to be exported. This means we can give authorised signers the ability to sign with the key, but no one can ever get access to the key material itself. This is an important distinction. If for example a current authorised signer switches roles and is no longer responsible for package signing we can instantly revoke their rights and know that they no longer have the ability to sign any more packages with that key.
Two immediate possibilities spring to mind: someone was able to socially engineer a signer into signing a package, or the process has some level of automation in it, and the attacker was able to inject the bad package somewhere in the automation. Either way, it illustrates the point that cryptography isn’t generally the hardest part of security, it’s process that’s the sticky widget.
Let’s say you just decided to reinstall your machine. You pull out your Windows XP installation disk, install Windows XP, Service Pack 2 from disk. Then you connect to Windows Update to install updates.
You’re about to break your machine, but only a little.
See, there’s an update to Windows Update that has to be installed before you do anything else. However, after you apply this update, the next thing Windows Update is going to do is download and install Windows XP Service Pack 3. If you didn’t perform a reboot in there (and why should you, it didn’t ask you to), installing Windows XP SP3 breaks your ability to automatically update. The reason:
The latest version of Windows Update includes a file that was not available in the release version of Windows XP. This file is named Wups2.dll. Therefore, after the repair operation (or reinstall) is complete, the following situation exists:
- The Wups2.dll file remains on the computer.
- The registry entries that correspond to this file are missing.
Because the registry files that correspond to the Wups2.dll file are missing, update installations are unsuccessful.
Microsoft hasn’t messed up something like this in a while, tisk tisk.
Here’s the fix:
Method 1: Register the Wups2.dll file in Windows
To register the Wups2.dll file in Windows, follow these steps:
- Stop the Automatic Updates service. To do this, follow these steps:
  - Click Start, click Run, type cmd, and then click OK.
  - At the command prompt, type the following command, and then press ENTER:
    net stop wuauserv
- Register the Wups2.dll file. To do this, follow these steps:
  - At the command prompt, type the following command, and then press ENTER:
    Note For a computer that is running Windows XP Professional x64 Edition, type the following command, and then press ENTER:
  - Click OK on each verification message that you receive.
- Start the Automatic Updates service. To do this, type the following command at the command prompt, and then press ENTER:
    net start wuauserv
- Exit the command prompt. To do this type exit, and then press ENTER.
Thunderbird got itself into an endless loop today on the home PC, trying to update itself. Contents of the error message: “One or more files cannot be opened for editing”.
Wow, thanks, that’s very illustrative – can’t you tell me *which* file? Turned out the culprit was mozMapi32.dll, a file located in Thunderbird’s program files directory. Something (other than Thunderbird) was locking the file.
A little investigation showed that the root cause of the problem was likely my Logitech web cam; killing off the web cam software enabled me to delete the file and do a clean install of Thunderbird 18.104.22.168.
What? Why in heaven is my web cam software locking files in another program’s directory? Now, I’m not entirely positive that the root cause is the web cam software; I didn’t test out this theory rigorously. But a Google search shows that Logitech software has been suspected as the root cause of update problems for quite some time now.
So, if you have a Logitech web cam (or possibly any Logitech device; I’ll try to replicate this problem with the web cam uninstalled and the wireless mouse plugged in), expect update problems. Turn off your web cam software (annoyingly, the easily accessible Logitech software does not provide “do not launch at boot” as
Nice going, dev squad at Logitech. If in fact you’re the root cause of this problem, you’ve managed to replicate bad behavior that I haven’t seen since late Windows 98… and you’ve left it broken for quite some time now without fixing it.
I’ll try to take the time to verify this post-haste. If this is the case, I’d have to consider not recommending Logitech devices in general…
I bought a tablet PC (a Fujitsu) almost a year ago. I’ve mentioned it before, but I’ve been meaning to blog about it a bit more thoroughly and just haven’t gotten around to it.
Switching over to a tablet is foundationally a major change in how you use your computer. Normally, when I buy a new machine, I spend a considerable amount of time getting it tweaked *just the way I like it*. Flip this dial, turn that switch, install this widget, etc. I didn’t do that with this computer. Why? Because I wanted to use it for a while to find out how it was different, so that I could at some point in the future blow it away and reinstall it clean to *just the way I like it*. I knew that when it came to the tablet, *just the way I like it* was something that was going to be different from non-tablet computing, and I wanted to play with it for a while to find out what those differences were. More on that in my next post.
Well, I played with it for a year. I learned a lot of things about my interface with the computer. I installed a lot of software (some of which I’ll install again, some of which I decided was horrible). I hooked it up to a number of different peripherals, installed drivers, uninstalled drivers, messed with the registry, etc. I’ve hacked this thing pretty hard in the last 12 months.
I’ve killed it, finally. This was expected, so it’s no big deal. But today I plugged it into my docking station here at work and it’s decided that it can’t recognize my external display’s native resolution (I’ll post about that too; someone else has had this problem). The difference between 1600 x 1200 and 1650 x 1280 doesn’t seem like a lot, but looking at any display in a non-native resolution is like listening to a symphony with the strings section muted 50%… it drives me nuts. I reapplied the fix that made this problem go away 8 months ago, no dice. One of the other devices I’ve installed (the webcam, the wireless mouse, the printer, some native Fujitsu driver, whatever) is futzing something up. That’s more or less normal for a Windows box that’s about a year old, anyway.
So, I have to take off and nuke the entire site from orbit. It’s long overdue. It’s going to drive me to make a couple of changes in how I use my computer on a daily basis, instead of doing things halfway between how I used to do them and how I do them now. I’ll finally be using 80% of the tablet’s functionality. I’ll actually post a bit about the machine, in hopes that any gentle readers might learn something interesting.
Now if I can just find the installation disk…
Full title, “Managing Humans: Biting and Humorous Tales of a Software Engineering Manager” by Michael Lopp, writer of Rands in Repose.
I appear to have been bitten by a bug (a viral bug, not an insect) and have spent the last four hours in bed on vacation, during which I pounded through this quite handily. Lopp is hilarious and engaging and spins some interesting yarns that are applicable to anyone who manages people, or anyone who has a manager, regardless of industry.
The book is mostly (or perhaps all, I didn’t check rigorously) comprised of existing blog posts, so if you’ve been a follower of Rands in Repose for a while, you’ll only be interested if you’re like me and appreciate books as works in and of themselves as entire entities… something David Weinberger, author of one of my other nightstand occupants “Everything is Miscellaneous: The Power of the New Digital Disorder” would undoubtedly find quaint.
If you are an IT worker or a manager of any stripe, Managing Humans is required reading. I choose a quote from page 111 as my favorite section of the book:
Fact is, your world is changing faster than you’ll ever be able to keep up with, and you can view that fact from two different perspectives:
- I believe I can control my world, and through an aggressive campaign of task management, personal goals, and a can do attitude, I will succeed in doing the impossible. Go me!
- I know there is no controlling the world, but I will fluidly surf the entropy by constantly changing myself.
Surfing entropy takes confidence. This isn’t Tony Robbins confidence; this is a personal confidence you earn by constantly adapting yourself to the impossible.
Good stuff, and interesting insight from someone who has written interesting and involved dissertations on pens, notebooks, and coffee mugs. Hang ten, everybody.